From 70ebe5620db5c0f9ca218d72832962b159397da7 Mon Sep 17 00:00:00 2001
From: angristan
Date: Sun, 23 Sep 2018 17:06:15 +0200
Subject: [PATCH] secp256r1 -> prime256v1
---
 README.md | 8 ++++----
 openvpn-install.sh | 12 ++++++------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index c66a89e..64c6f08 100644
--- a/README.md
+++ b/README.md
@@ -176,10 +176,10 @@ OpenVPN 2.4 added support for ECDSA. Elliptic curve cryptography is faster, ligh
 This script provides:
-- ECDSA: `secp256r1`/`secp384r1`/`secp521r1` curves
+- ECDSA: `prime256v1`/`secp384r1`/`secp521r1` curves
 - RSA: `2048`/`3072`/`4096` bits keys
-It defaults to ECDSA with `secp256r1`.
+It defaults to ECDSA with `prime256v1`.
 OpenVPN uses `SHA-256` as the signature hash by default, and so does the script. It provides no other choice as of now.
@@ -241,10 +241,10 @@ Also, generating a classic DH keys can take a long, looong time. ECDH keys are e
 The script provides the following options:
-- ECDH: `secp256r1`/`secp384r1`/`secp521r1` curves
+- ECDH: `prime256v1`/`secp384r1`/`secp521r1` curves
 - DH: `2048`/`3072`/`4096` bits keys
-It defaults to `secp256r1`.
+It defaults to `prime256v1`.
 ### HMAC digest algorithm
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 21d03b7..99fcb8a 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -312,10 +312,10 @@ function installQuestions () {
 # Use default, sane and fast paramters
 CIPHER="AES-128-GCM"
 CERT_TYPE="1" # ECDSA
- CERT_CURVE="secp256r1"
+ CERT_CURVE="prime256v1"
 CC_CIPHER="TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"
 DH_TYPE="1" # ECDH
- DH_CURVE="secp256r1"
+ DH_CURVE="prime256v1"
 HMAC_ALG="SHA256"
 TLS_SIG="1" # tls-crypt
 else
@@ -361,7 +361,7 @@ function installQuestions () {
 1)
 echo ""
 echo "Choose which curve you want to use for the certificate's key:"
- echo " 1) secp256r1 (recommended)"
+ echo " 1) prime256v1 (recommended)"
 echo " 2) secp384r1"
 echo " 3) secp521r1"
 until [[ $CERT_CURVE_CHOICE =~ ^[1-3]$ ]]; do
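Review bot: Nothing in the defaults block of the `@@ -312` hunk records that `prime256v1` is the same curve as the `secp256r1` it replaces, and the menus in the `@@ -361` and `@@ -446` hunks now list it beside `secp384r1` and `secp521r1`, which use the other naming scheme. prime256v1 is the ANSI X9.62 name for secp256r1 (NIST P-256), so a one-line comment above the first assignment would stop a later reader from reverting it or assuming the key strength changed: `# prime256v1 = secp256r1 / NIST P-256; this is the name OpenSSL lists for the curve`. The literal is also repeated at six places on the new side of these hunks, so a single variable holding the default curve name would be worth considering. installQuestions starts and ends outside the hunks.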
@@ -369,7 +369,7 @@ function installQuestions () {
 done
 case $CERT_CURVE_CHOICE in
 1)
- CERT_CURVE="secp256r1"
+ CERT_CURVE="prime256v1"
 ;;
 2)
 CERT_CURVE="secp384r1"
@@ -446,7 +446,7 @@ function installQuestions () {
 1)
 echo ""
 echo "Choose which curve you want to use for the ECDH key"
- echo " 1) secp256r1 (recommended)"
+ echo " 1) prime256v1 (recommended)"
 echo " 2) secp384r1"
 echo " 3) secp521r1"
 while [[ $DH_CURVE_CHOICE != "1" && $DH_CURVE_CHOICE != "2" && $DH_CURVE_CHOICE != "3" ]]; do
@@ -454,7 +454,7 @@ function installQuestions () {
 done
 case $DH_CURVE_CHOICE in
 1)
- DH_CURVE="secp256r1"
+ DH_CURVE="prime256v1"
 ;;
 2)
 DH_CURVE="secp384r1"
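Review bot: The `1)` arm in the `@@ -369` hunk, and its twin in the `@@ -454` hunk, assigns the curve name as a bare literal, and nothing visible checks it against what the installed OpenSSL accepts. An unsupported name would presumably only surface later, when the key is generated or the server starts, rather than at selection time. A guard after the `esac` would fail early, for example `openssl ecparam -list_curves | grep -qw -- "$CERT_CURVE" || { echo "Unsupported curve: $CERT_CURVE" >&2; exit 1; }`. The case statement and installQuestions both continue outside the hunk, so such a check may already exist further down.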