
qtun doesn't work when using ECC certificate

Open dnomd343 opened this issue 2 years ago • 5 comments

For example use the following command:

# This is an ECC certificate
shell> head -n 1 /etc/ssl/certs/343.re/privkey.pem
-----BEGIN EC PRIVATE KEY-----
shell> ss-libev-server -s 0.0.0.0 -p 12345 -k dnomd343 -m aes-256-ctr --plugin qtun-server --plugin-opts "cert=/etc/ssl/certs/343.re/fullchain.pem;key=/etc/ssl/certs/343.re/privkey.pem"
 2022-01-28 14:46:17 INFO: plugin "qtun-server" enabled
 2022-01-28 14:46:17 INFO: initializing ciphers... aes-256-ctr
 2022-01-28 14:46:17 INFO: Stream ciphers are insecure, therefore deprecated, and should be almost always avoided.
 2022-01-28 14:46:17 INFO: tcp server listening at 127.0.0.1:35937
 2022-01-28 14:46:17 INFO: running from root user
[2022-01-28T14:46:17Z INFO  qtun_server] loading cert: "/etc/ssl/certs/343.re/fullchain.pem"
[2022-01-28T14:46:17Z INFO  qtun_server] loading key: "/etc/ssl/certs/343.re/privkey.pem"
Error: no private keys found
 2022-01-28 14:46:17 ERROR: plugin service exit unexpectedly
 2022-01-28 14:46:17 INFO: error on terminating the plugin.

It works fine when using RSA certificates:

# This is an RSA certificate
shell> head -n 1 /etc/ssl/certs/dns.343.re/private.key
-----BEGIN RSA PRIVATE KEY-----
shell> ss-libev-server -s 0.0.0.0 -p 12345 -k dnomd343 -m aes-256-ctr --plugin qtun-server --plugin-opts "cert=/etc/ssl/certs/dns.343.re/certificate.crt;key=/etc/ssl/certs/dns.343.re/private.key"
 2022-01-28 14:48:00 INFO: plugin "qtun-server" enabled
 2022-01-28 14:48:00 INFO: initializing ciphers... aes-256-ctr
 2022-01-28 14:48:00 INFO: Stream ciphers are insecure, therefore deprecated, and should be almost always avoided.
 2022-01-28 14:48:00 INFO: tcp server listening at 127.0.0.1:60863
 2022-01-28 14:48:00 INFO: running from root user
[2022-01-28T14:48:00Z INFO  qtun_server] loading cert: "/etc/ssl/certs/dns.343.re/certificate.crt"
[2022-01-28T14:48:00Z INFO  qtun_server] loading key: "/etc/ssl/certs/dns.343.re/private.key"
listening on 0.0.0.0:12345

Is something wrong with my configuration? Or does qtun itself not support ECC certificates?

dnomd343 avatar Jan 28 '22 14:01 dnomd343
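
A diagnostic for the difference between the two key files in the report above, added here as an example and not taken from the issue or from qtun: it lists the private-key PEM blocks in a file, checks each label against the DER structure inside it, and reports whether a loader that accepts a given set of labels would find a usable key. The function names, the `accepted` parameter and the DER skeletons are constructed for illustration; the page does not say which labels qtun-server looks for.

```python
import base64
import re

# Private-key PEM labels and the encoding each label promises.
KEY_LABELS = {
    "RSA PRIVATE KEY": "PKCS#1 (RSA only)",
    "EC PRIVATE KEY": "SEC1 (EC only)",
    "PRIVATE KEY": "PKCS#8 (any algorithm)",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_shape(der):
    """Identify the private-key encoding from the leading DER fields."""
    if len(der) < 2 or der[0] != 0x30:
        return "not a DER SEQUENCE"
    # Step over the SEQUENCE header (short- or long-form length).
    i = 2 + ((der[1] & 0x7F) if der[1] & 0x80 else 0)
    if len(der) < i + 4 or der[i:i + 2] != b"\x02\x01":
        return "unknown"
    version, next_tag = der[i + 2], der[i + 3]
    if next_tag == 0x30:                   # AlgorithmIdentifier follows
        return "PKCS#8 (any algorithm)"
    if version == 1 and next_tag == 0x04:  # OCTET STRING privateKey
        return "SEC1 (EC only)"
    if version == 0 and next_tag == 0x02:  # INTEGER modulus
        return "PKCS#1 (RSA only)"
    return "unknown"

def scan_key_file(text, accepted):
    """Return (label, encoding, usable) for each private-key block in PEM text."""
    # `accepted`: labels the consuming loader looks for (hypothetical parameter).
    found = []
    for label, body in PEM_RE.findall(text):
        if label not in KEY_LABELS:
            continue  # certificate, EC PARAMETERS, ...
        shape = der_shape(base64.b64decode("".join(body.split())))
        found.append((label, shape, label in accepted and shape == KEY_LABELS[label]))
    return found

def pem(label, der):
    """Wrap DER bytes in a PEM block (helper for the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed DER skeletons, not real keys: only the leading fields matter here.
SEC1_DER = bytes([0x30, 0x25, 0x02, 0x01, 0x01, 0x04, 0x20]) + bytes(32)
PKCS1_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x05])
PKCS8_DER = bytes([0x30, 0x09, 0x02, 0x01, 0x00, 0x30, 0x02, 0x05, 0x00, 0x04, 0x00])
```

Calling `scan_key_file(open(path).read(), accepted)` on a real key file gives the same report; an empty result or all-`False` flags means that loader would find no key it can use.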