On Saturday, 17 September 2016 16:14:02 CEST David Benjamin wrote:
> On Sat, Sep 17, 2016 at 12:06 PM Viktor Dukhovni wrote:
> > On Sat, Sep 17, 2016 at 03:46:53PM +, Salz, Rich wrote:
> > > > If a client offers ECDHE ciphers with no curve list, one might alternatively just
>
On Friday, 16 September 2016 15:52:30 CEST Salz, Rich wrote:
> > The majority of servers (71%) support *only* prime256v1 curve and of the
> > ones that default to ECDHE key exchange nearly 83% will also default to
> > this curve.
>
> That's because most people have not moved to OpenSSL 1.1.0 yet.
The documentation for SSL_CTX_add_client_custom_ext() states that "the
extension type must not be handled by OpenSSL internally or an error
occurs".
This isn't entirely true. In custom_ext_meth_add() we have this
comment:
/*
* Don't add if extension supported internally, but make excepti