From 1015d65cd8e1c1f5b7946e1ba4920a4cb1352423 Mon Sep 17 00:00:00 2001 From: Andrew Cunliffe Date: Mon, 4 May 2026 11:08:15 -0700 Subject: [PATCH] docs(authentication): note OpenSSL 3.x requirement for Ed25519 macOS ships LibreSSL as the system openssl, which doesn't support Ed25519 in `genpkey`. The current docs run those commands without caveat, so first-time integrators on macOS hit a confusing "Algorithm Ed25519 not found" error before they get anywhere. Adds a Note callout to the DNS Authentication section explaining the requirement and pointing to `brew install openssl@3` plus the explicit binary paths on Apple Silicon and Intel macs. Adds a shorter cross-reference Note in the HTTP Authentication section since the same Ed25519 commands appear there. The ECDSA P-384 codepath works on LibreSSL, so it's not affected. --- docs/modelcontextprotocol-io/authentication.mdx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/modelcontextprotocol-io/authentication.mdx b/docs/modelcontextprotocol-io/authentication.mdx index f5af3ad8..78bf23a1 100644 --- a/docs/modelcontextprotocol-io/authentication.mdx +++ b/docs/modelcontextprotocol-io/authentication.mdx @@ -59,6 +59,10 @@ DNS authentication is a domain-based authentication method that relies on a DNS To perform DNS authentication using the `mcp-publisher` CLI tool, run the following commands in your server project directory to generate a TXT record based on a public/private key pair: + + The Ed25519 codepath requires **OpenSSL 3.0 or later**. macOS ships with LibreSSL by default (the system `openssl` binary), which does not implement Ed25519 in `genpkey` and fails with `Algorithm Ed25519 not found`. On macOS, install OpenSSL 3 (`brew install openssl@3`) and invoke it explicitly — for example, replace `openssl` with `/opt/homebrew/opt/openssl@3/bin/openssl` (Apple Silicon) or `/usr/local/opt/openssl@3/bin/openssl` (Intel) in the commands below. The ECDSA P-384 codepath works on LibreSSL. + + ```bash Ed25519 @@ -185,6 +189,10 @@ HTTP authentication is a domain-based authentication method that relies on a `/. To perform HTTP authentication using the `mcp-publisher` CLI tool, run the following commands in your server project directory to generate an `mcp-registry-auth` file based on a public/private key pair: + + As with DNS authentication, the Ed25519 codepath requires **OpenSSL 3.0 or later**. macOS's system LibreSSL does not support Ed25519 in `genpkey`. See the note in the [DNS Authentication](#dns-authentication) section for the macOS workaround. + + ```bash Ed25519