On Friday, 16 September 2016 17:26:03 CET Hubert Kario wrote:
> I've been running tests on the openssl 1.1.0 release recently and I've
> noticed that if the client doesn't include the supported_groups extension,
> OpenSSL will pick curve with id 0x001d, that is ecdh_x25519, as the curve
> to do ECD
On Saturday, 17 September 2016 16:14:02 CEST David Benjamin wrote:
> On Sat, Sep 17, 2016 at 12:06 PM Viktor Dukhovni
>
> wrote:
> > On Sat, Sep 17, 2016 at 03:46:53PM +, Salz, Rich wrote:
> > > > If a client offers ECDHE ciphers with no curve list, one might
> >
> > alternatively just
> >
>
On Friday, 16 September 2016 15:52:30 CEST Salz, Rich wrote:
> > The majority of servers (71%) support *only* prime256v1 curve and of the
> > ones that default to ECDHE key exchange nearly 83% will also default to
> > this curve.
>
> That's because most people have not moved to OpenSSL 1.1.0 yet.
On Sat, Sep 17, 2016 at 12:06 PM Viktor Dukhovni
wrote:
> On Sat, Sep 17, 2016 at 03:46:53PM +, Salz, Rich wrote:
>
> > > If a client offers ECDHE ciphers with no curve list, one might
> alternatively just
> > > use P-256. It is likely better than the other choices. Most clients
> will send
On Sat, Sep 17, 2016 at 03:46:53PM +, Salz, Rich wrote:
> > If a client offers ECDHE ciphers with no curve list, one might
> > alternatively just
> > use P-256. It is likely better than the other choices. Most clients will
> > send a
> > curve list.
>
> Most will, and I'd rather get peopl
> > In other words: only use ECDHE if client specifies a curve list. WFM.
>
> If a client offers ECDHE ciphers with no curve list, one might alternatively
> just
> use P-256. It is likely better than the other choices. Most clients will
> send a
> curve list.
Most will, and I'd rather get p
On Sat, Sep 17, 2016 at 02:35:20PM +, Salz, Rich wrote:
> > When we added X25519 to BoringSSL, we at the same time started made the
> > server require clients supply a curve list (and otherwise we'd just pick
> > a non-ECDHE cipher), because of this issue. That went in back in December
> > 201
> When we added X25519 to BoringSSL, we at the same time started made the
> server require clients supply a curve list (and otherwise we'd just pick a
> non-ECDHE cipher), because of this issue. That went in back in December 2015
> and it's been running just fine. I'd recommend OpenSSL do the sa
On 9/16/16, 11:52, "openssl-dev on behalf of Salz, Rich"
wrote:
>>OpenSSL 1.0.2h also defaults to this curve if there are no curves advertised
>> by client.
>
>When I made X25519 the default, I didn't think about it. That was probably a
>mistake. Good catch!
I think so.
>
>> So it is ver
On Fri, Sep 16, 2016 at 8:52 AM, Salz, Rich wrote:
...
That's because most people have not moved to OpenSSL 1.1.0 yet. I'm not
> joking, I think that's a major reason.
Well, you've provided them with a reason. ;-) Srsly, thanks for not making
the NIST curves the default.
- M
--
"Well," Bra
> The majority of servers (71%) support *only* prime256v1 curve and of the
> ones that default to ECDHE key exchange nearly 83% will also default to this
> curve.
That's because most people have not moved to OpenSSL 1.1.0 yet. I'm not
joking, I think that's a major reason.
> OpenSSL 1.0.2h als
I've been running tests on the openssl 1.1.0 release recently and I've noticed
that if the client doesn't include the supported_groups extension, OpenSSL
will pick curve with id 0x001d, that is ecdh_x25519, as the curve to do ECDHE
over.
While this is not incorrect behaviour according to the st
12 matches
Mail list logo