On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote:

>     if (SSL_CTX_set1_groups_list(ctx, "P-521:P-384:P-256") == 0) {
>         //error
>     }
>

If you have the above line you're telling the client to advertise support for
P-521:P-384:P-256 in that order and the server to only use them.

> The client and server both use SSL_CTX_set1_groups_list to set the
> supported group list. Right now, the server always
> has P-256 in the supported groups extension.
> When the groups list is changed to add X25519, the server responds
> with P-256. Is there a way to have the server support
> multiple specified groups?
>
> Section 9.1 of the rfc states:
> "
>
>    A TLS-compliant application MUST support digital signatures with
>    rsa_pkcs1_sha256 (for certificates), rsa_pss_sha256 (for
>    CertificateVerify and certificates), and ecdsa_secp256r1_sha256. A
>    TLS-compliant application MUST support key exchange with secp256r1
>    (NIST P-256) and SHOULD support key exchange with X25519 [RFC7748
>    <https://tools.ietf.org/html/rfc7748>].
> "
>

Yes and OpenSSL does support those but there is nothing stopping a server or
client being configured to support a different set of groups.

> So, having the server support P-256 satisfies the MUST part. How
> can we support X25519 on the server, or
>

Use X25519 in the supported group list.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
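Added example (not part of the thread and not OpenSSL code): a simplified model of why the configured list decides the outcome. A group can only be chosen if it appears in both the client's and the server's list. The names list_has and pick_group, the server_pref switch and the sample lists are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if name (len bytes) is an entry of the colon-separated list. */
static int list_has(const char *list, const char *name, size_t len)
{
    while (*list) {
        size_t n = strcspn(list, ":");
        if (n == len && strncmp(list, name, len) == 0)
            return 1;
        list += n;
        if (*list == ':')
            list++;
    }
    return 0;
}

/*
 * Simplified model (an assumption, not OpenSSL's implementation): walk the
 * preferred side's list in order and take the first group the other side
 * also lists. Writes the name to out; returns 0 if the lists do not overlap.
 */
int pick_group(const char *client, const char *server, int server_pref,
               char *out, size_t outlen)
{
    const char *pref = server_pref ? server : client;
    const char *other = server_pref ? client : server;
    while (*pref) {
        size_t n = strcspn(pref, ":");
        if (n > 0 && n < outlen && list_has(other, pref, n)) {
            memcpy(out, pref, n);
            out[n] = '\0';
            return 1;
        }
        pref += n;
        if (*pref == ':')
            pref++;
    }
    return 0;
}

int main(void)
{
    char g[32];
    /* Constructed inputs: the client offers X25519 first. */
    if (pick_group("X25519:P-256", "P-521:P-384:P-256", 0, g, sizeof g))
        printf("server list from the post -> %s\n", g);
    if (pick_group("X25519:P-256", "X25519:P-256:P-384", 0, g, sizeof g))
        printf("server list with X25519   -> %s\n", g);
    return 0;
}
```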