On Sun Nov 24 22:00:30 2013, noloa...@gmail.com wrote:
> ssl_prepare_clienthello_tlsext has the following in t1_lib.c around
> line 1690.
>
> pref_list[] is hard coded and includes some weaker curves. For
> example, pref_list[] includes NID_secp160r2, which offers 80-bits of
> security.
>
> It would be nice to be able to replace the hard coded list with a list
> that includes curves with 112-bits or 128-bits of security or higher.
> For example, a user may want to use NID_secp224r1 or NID_secp256r1
> (and above).
>

Support for this is already in OpenSSL 1.0.2. See:

http://www.openssl.org/docs/ssl/SSL_CTX_set1_curves.html

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
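
Added example, not part of the original thread and not OpenSSL code: a Python check that reads the elliptic_curves extension out of a captured ClientHello extensions block and lists the offered curves below a chosen strength, such as the NID_secp160r2 case raised in the report. The sample bytes are constructed, the function names are hypothetical, and strength is approximated as half the curve's field size.

```python
import struct

# NamedCurve ids from RFC 4492 section 5.1.1, mapped to (name, field size in bits).
NAMED_CURVES = {
    1: ("sect163k1", 163), 2: ("sect163r1", 163), 3: ("sect163r2", 163),
    4: ("sect193r1", 193), 5: ("sect193r2", 193), 6: ("sect233k1", 233),
    7: ("sect233r1", 233), 8: ("sect239k1", 239), 9: ("sect283k1", 283),
    10: ("sect283r1", 283), 11: ("sect409k1", 409), 12: ("sect409r1", 409),
    13: ("sect571k1", 571), 14: ("sect571r1", 571), 15: ("secp160k1", 160),
    16: ("secp160r1", 160), 17: ("secp160r2", 160), 18: ("secp192k1", 192),
    19: ("secp192r1", 192), 20: ("secp224k1", 224), 21: ("secp224r1", 224),
    22: ("secp256k1", 256), 23: ("secp256r1", 256), 24: ("secp384r1", 384),
    25: ("secp521r1", 521),
}
EXT_ELLIPTIC_CURVES = 10  # extension type that carries the client's curve list


def offered_curves(extensions: bytes) -> list:
    """Curve ids offered in a ClientHello extensions block (2-byte length prefix included)."""
    if len(extensions) < 2 or struct.unpack_from("!H", extensions)[0] != len(extensions) - 2:
        raise ValueError("extensions block length mismatch")
    pos = 2
    while pos < len(extensions):
        if pos + 4 > len(extensions):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4 : pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        if ext_type == EXT_ELLIPTIC_CURVES:
            # Body is a 2-byte list length followed by 2-byte curve ids.
            if ext_len < 2 or ext_len % 2 or struct.unpack_from("!H", body)[0] != ext_len - 2:
                raise ValueError("malformed curve list")
            return list(struct.unpack_from("!%dH" % ((ext_len - 2) // 2), body, 2))
        pos += 4 + ext_len
    return []  # the client sent no elliptic_curves extension


def weak_curves(extensions: bytes, min_bits: int = 112) -> list:
    """Names of offered curves whose approximate strength is below min_bits."""
    known = (NAMED_CURVES[c] for c in offered_curves(extensions) if c in NAMED_CURVES)
    return [name for name, size in known if size // 2 < min_bits]


# Constructed sample: ec_point_formats (type 11), then elliptic_curves offering
# secp256r1, secp160r2, secp192r1, secp224r1, secp384r1.
SAMPLE = bytes.fromhex("0016" "000b00020100" "000a000c000a" "00170011001300150018")
```

Running `weak_curves(SAMPLE)` against a client before and after its curve list is restricted shows whether the sub-112-bit curves are still being offered.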