Christian Heimes <li...@cheimes.de> added the comment:
Please elaborate, how did you test that the curve is not support? Python calls
SSL_CTX_set_ecdh_auto(self->ctx, 1) to auto configure curves.
>>> import ssl
>>> ssl = ssl.SSLContext()
>>> ssl.set_ecdh_curve('X25519')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ssl.SSLError: unknown group (_ssl.c:3954)
The error message means that EC_KEY_new_by_curve_name() does not support
X25519's group.
Some notes:
* OpenSSL 1.0.2+ supports SSL_CTX_set1_curves_list() besides
SSL_CTX_set_tmp_ecdh()
* OpenSSL has no API to get configured curves from a context.
* I'm not sure how useful SSL_get1_curves() and SSL_get_shared_curve() would be
for a general audience. To reduce our maintenance burden, we only wrap
functions that are useful or required.
----------
assignee: -> christian.heimes
components: +SSL -Library (Lib)
nosy: +alex, christian.heimes, dstufft, janssen
stage: -> needs patch
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32858>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
