I am attaching a pcap where I set the supported list to contain X25519. The client extension contains X25519. However, the server still responds with keyshare extension secp256r1 in a hello retry request.
This is the case for all the 5 TLS 1.3 ciphers. Is there another setting for the server to enable the supported groups?

Thanks,
Mahesh

On Wed, Oct 4, 2017 at 8:02 AM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote:
>
> > if (SSL_CTX_set1_groups_list(ctx, "P-521:P-384:P-256") == 0) {
> >     //error
> > }
>
> If you have the above line you're telling the client to advertise support for
> P-521:P-384:P-256 in that order and the server to only use them.
>
> > The client and server both use SSL_CTX_set1_groups_list to set the
> > supported group list. Right now, the server always
> > has P-256 in the supported groups extension.
> > When the groups list is changed to add X25519, the server responds
> > with P-256. Is there a way to have the server support
> > multiple specified groups.
> >
> > Section 9.1 of the rfc states:
> > "
> > A TLS-compliant application MUST support digital signatures with
> > rsa_pkcs1_sha256 (for certificates), rsa_pss_sha256 (for
> > CertificateVerify and certificates), and ecdsa_secp256r1_sha256. A
> > TLS-compliant application MUST support key exchange with secp256r1
> > (NIST P-256) and SHOULD support key exchange with X25519 [RFC7748
> > <https://tools.ietf.org/html/rfc7748>].
> > "
>
> Yes and OpenSSL does support those but there is nothing stopping a server or
> client being configured to support a different set of groups.
>
> > So, having the server support P-256 satisfies the MUST part. How
> > can we support X25519 on the server, or
>
> Use X25519 in the supported group list.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
x25519_trace0.pcap
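The point made in the quoted reply (the groups list restricts what the server will use) can be seen in a simplified model of TLS 1.3 group selection. This is an added example, not part of the original thread and not OpenSSL's code; the client's lists, the second server list and the preference order in step 2 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* IANA "TLS Supported Groups" code points. */
enum { SECP256R1 = 0x0017, SECP384R1 = 0x0018, SECP521R1 = 0x0019, X25519 = 0x001D };
enum outcome { SERVER_HELLO, HELLO_RETRY_REQUEST, HANDSHAKE_FAILURE };
struct result { enum outcome outcome; uint16_t group; };

static int contains(const uint16_t *list, size_t n, uint16_t g) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == g) return 1;
    return 0;
}

/* Simplified model of TLS 1.3 group selection; step 2's order is an assumption. */
struct result select_group(const uint16_t *srv, size_t ns, const uint16_t *groups,
                           size_t ng, const uint16_t *shares, size_t nk) {
    struct result r = { HANDSHAKE_FAILURE, 0 };   /* 3. default: nothing in common */
    /* 1. Reuse a key share the client already sent if the server allows its group. */
    for (size_t i = 0; i < nk; i++)
        if (contains(srv, ns, shares[i]) && contains(groups, ng, shares[i])) {
            r.outcome = SERVER_HELLO; r.group = shares[i]; return r;
        }
    /* 2. Otherwise name a mutually supported group in a HelloRetryRequest. */
    for (size_t i = 0; i < ns; i++)
        if (contains(groups, ng, srv[i])) {
            r.outcome = HELLO_RETRY_REQUEST; r.group = srv[i]; return r;
        }
    return r;
}

/* Constructed ClientHello: supported_groups X25519,P-256; key_share X25519 only. */
static const uint16_t CLI_GROUPS[] = { X25519, SECP256R1 };
static const uint16_t CLI_SHARES[] = { X25519 };

struct result server_without_x25519(void) {   /* list from the thread */
    const uint16_t srv[] = { SECP521R1, SECP384R1, SECP256R1 };
    return select_group(srv, 3, CLI_GROUPS, 2, CLI_SHARES, 1);
}
struct result server_with_x25519(void) {      /* assumed list "X25519:P-256" */
    const uint16_t srv[] = { X25519, SECP256R1 };
    return select_group(srv, 2, CLI_GROUPS, 2, CLI_SHARES, 1);
}
int main(void) {
    struct result a = server_without_x25519(), b = server_with_x25519();
    printf("without X25519: outcome=%d group=0x%04x\n", (int)a.outcome, (unsigned)a.group);
    printf("with X25519:    outcome=%d group=0x%04x\n", (int)b.outcome, (unsigned)b.group);
    return 0;
}
```

With the server list from the thread the model yields a HelloRetryRequest naming secp256r1, matching the capture described above; with X25519 in the server list the client's existing key share is accepted directly.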