Hi David,

On Wed, Apr 13, 2016 at 03:19:45PM -0500, David Martin wrote:
> This is my first attempt at a patch, I'd love to get some feedback on this.
> 
> Adds support for SSL_CTX_set_ecdh_auto which is available in OpenSSL 1.0.2.

> From 05bee3e95e5969294998fb9e2794ef65ce5a6c1f Mon Sep 17 00:00:00 2001
> From: David Martin <dmart...@gmail.com>
> Date: Wed, 13 Apr 2016 15:09:35 -0500
> Subject: [PATCH] use SSL_CTX_set_ecdh_auto() for ecdh curve selection
> 
> Use SSL_CTX_set_ecdh_auto if the OpenSSL version supports it, this
> allows the server to negotiate ECDH curves much like it does ciphers.
> Preferred curves can be specified using the existing ecdhe bind options
> (ecdhe secp384r1:prime256v1)

Could it have a performance impact? I mean, may this allow a client to
force the server to use curves that imply harder computations for example?
I'm asking because some people got seriously hit by the move from dhparam
1024 to 2048, so if this can come with a performance impact we possibly want
to let the user configure it.

Thanks,
Willy

