On 27/02/2012 20:05, Stefan Fritsch wrote: > > I noticed that the ssl_callback_tmp* functions may return a different > key length than requested. Is this a problem? >
Well for EC the callback mechanism in OpenSSL is rather broken. It should be using an appropriate curve which both server and client support. Using P-256 (as the mod_ssl callback currently does) is a reasonable compromise that most clients should support. At some point support for Suite B modes will be included in OpenSSL and that will mean that in some cases P-384 should be used instead. The OpenSSL callback mechanism for EC is IMHO largely an unnecessary application burden. In the case of RSA and DH callbacks these involve time consuming key or parameter generation operations which applications might specify from pre-generated sources. For EC the callback just sends back a static structure containing the curve to use with minimal computational overhead. OpenSSL could just do the right thing automatically here and send back a curve the peer is willing to use and server applications would then automatically support EC. Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 [email protected]
