On Tue, Apr 19, 2016 at 06:30:05PM +0200, Janusz Dziemidowicz wrote:
> 2016-04-19 18:13 GMT+02:00 Emeric Brun <eb...@haproxy.com>:
> > I don't know how the curve negotiation works, but I have some questions.
> >
> > What is the behavior if the SSL_CTX_set_ecdh_auto is used on server side
> > and if
> > the client doesn't support the neg.
> >
> > In other words:
> >
> > Is it useful to set both SSL_CTX_set_ecdh_auto and SSL_CTX_set_tmp_ecdh
> > (with the first one of the list for instance), to ensure
> > the first wanted curve is used if client doesn't support the neg.
>
> Not really. In TLS protocol, there is only one way for a client to
> select elliptic curve, that is using "supported elliptic curves"
> extensions. The confusing part is OpenSSL API. The "old" API, aka
> SSL_CTX_set_tmp_ecdh(), allowed only one curve to be selected by the
> server. If it was not present on the extension sent by client, then
> bummer, connection error. The new API "SSL_CTX_set_ecdh_auto" supports
> real negotiation, as it was always in the design of TLS. Client sends
> its curves list in the extension, server tries to find a matching
> curve from a list it supports.
>
> There are no clients "not supporting the neg". If the client supports
> elliptic curves at all it must send the list in the extension.
OK so Emeric, should I merge it or do you have other questions?

Thanks,
Willy
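The difference Janusz describes between the two OpenSSL APIs comes down to how the server matches the client's "supported elliptic curves" (supported_groups) extension. The following is an added illustration, not code from the thread or from HAProxy or OpenSSL: it serializes and parses that extension body in its wire format (a 2-byte length followed by 2-byte IANA curve identifiers) and models the single-curve behaviour of SSL_CTX_set_tmp_ecdh next to the list-matching behaviour of SSL_CTX_set_ecdh_auto. The function names, the server-preference ordering, and the sample curve lists are assumptions made for the example.

```python
"""Constructed model of TLS curve selection under the two OpenSSL APIs.

Not OpenSSL or HAProxy code; the function names and the choice to honour
server preference order are assumptions for illustration.
"""
import struct

# IANA NamedCurve / SupportedGroup identifiers (values from the TLS registry).
CURVE_IDS = {"secp256r1": 23, "secp384r1": 24, "secp521r1": 25, "x25519": 29}
CURVE_NAMES = {v: k for k, v in CURVE_IDS.items()}


def build_supported_groups(curves):
    """Serialize a client's supported_groups extension body:
    uint16 list length in bytes, then one uint16 identifier per curve."""
    ids = [CURVE_IDS[c] for c in curves]
    return struct.pack("!H", 2 * len(ids)) + b"".join(
        struct.pack("!H", i) for i in ids
    )


def parse_supported_groups(body):
    """Parse the extension body back into curve names.

    Rejects truncated or odd-length lists instead of reading past the buffer,
    which is the check a server-side parser must make before matching."""
    if len(body) < 2:
        raise ValueError("truncated supported_groups extension")
    (length,) = struct.unpack("!H", body[:2])
    if length % 2 or length != len(body) - 2:
        raise ValueError("bad supported_groups length")
    ids = struct.unpack("!%dH" % (length // 2), body[2:])
    return [CURVE_NAMES.get(i, "unknown(%d)" % i) for i in ids]


def select_curve_tmp_ecdh(server_curve, client_ext):
    """Old API (SSL_CTX_set_tmp_ecdh): the server offers exactly one curve.

    Returns that curve if the client advertised it, otherwise None, which
    corresponds to the handshake failure Janusz describes."""
    client = parse_supported_groups(client_ext)
    return server_curve if server_curve in client else None


def select_curve_ecdh_auto(server_prefs, client_ext):
    """New API (SSL_CTX_set_ecdh_auto): the server holds a list of curves and
    picks the first of its own preferences that the client also advertised.

    Server-preference order is an assumption of this model; returns None only
    when the two lists share no curve at all."""
    client = set(parse_supported_groups(client_ext))
    for curve in server_prefs:
        if curve in client:
            return curve
    return None


if __name__ == "__main__":
    # Constructed client that advertises two curves, neither of them secp256r1.
    client_hello_ext = build_supported_groups(["secp384r1", "x25519"])
    print("client offers:", parse_supported_groups(client_hello_ext))
    print("tmp_ecdh secp256r1 ->", select_curve_tmp_ecdh("secp256r1", client_hello_ext))
    print("ecdh_auto [secp256r1, secp384r1] ->",
          select_curve_ecdh_auto(["secp256r1", "secp384r1"], client_hello_ext))
```

With a single configured curve the handshake fails as soon as one client omits it from its list, whereas the list-based selection only fails when the server and client have no curve in common; this is why setting SSL_CTX_set_tmp_ecdh alongside SSL_CTX_set_ecdh_auto adds nothing.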