On Wed, Jun 12, 2019 at 4:34 PM Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote:
>
> > Using OpenSSL 1.1.1.
> > Just want to confirm that if OpenSSL supports curves X25519 and X448 for
> > TLSv1.2.
>
> Yes, it does.
>
> > Tried below commands,
> > openssl s_server -trace -state -cert server.cer -key server.key -accept port
> > openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect localhost:port
>
> With same commands, using OpenSSL 1.1.1c, I get:
>
>     CONNECTION ESTABLISHED
>     Protocol version: TLSv1.2
>     Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
>     Peer certificate:
>     Hash used: SHA256
>     Signature type: RSA-PSS
>     Supported Elliptic Curve Point Formats:
>     uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
>     Server Temp Key: X25519, 253 bits
>
> Perhaps your s_client is not the one from 1.1.1 or it is dynamically
> linked against 1.1.0 libraries...

My s_client can support TLSv1.3, so it should not be from any pre-1.1.1 version.