Christian Heimes <li...@cheimes.de> added the comment: Please elaborate, how did you test that the curve is not support? Python calls SSL_CTX_set_ecdh_auto(self->ctx, 1) to auto configure curves.
>>> import ssl >>> ssl = ssl.SSLContext() >>> ssl.set_ecdh_curve('X25519') Traceback (most recent call last): File "<stdin>", line 1, in <module> ssl.SSLError: unknown group (_ssl.c:3954) The error message means that EC_KEY_new_by_curve_name() does not support X25519's group. Some notes: * OpenSSL 1.0.2+ supports SSL_CTX_set1_curves_list() besides SSL_CTX_set_tmp_ecdh() * OpenSSL has no API to get configured curves from a context. * I'm not sure how useful SSL_get1_curves() and SSL_get_shared_curve() would be for a general audience. To reduce our maintenance burden, we only wrap functions that are useful or required. ---------- assignee: -> christian.heimes components: +SSL -Library (Lib) nosy: +alex, christian.heimes, dstufft, janssen stage: -> needs patch _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32858> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com