Hi Adriaan,
Adriaan de Jong wrote:
+void
+tls_ctx_load_ecdh_params (struct tls_root_ctx *ctx, const char
*curve_name
+)
+{
+#ifdef USE_SSL_EC
+ if (curve_name != NULL)
+ {
+int nid;
+EC_KEY *ecdh = NULL;
+
+nid = OBJ_sn2nid(curve_name);
+
+if (nid ==
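Review bot: the lookup `nid = OBJ_sn2nid(curve_name);` only resolves OpenSSL short names (for example prime256v1), so a curve supplied by its long name or dotted OID will reach the nid check as an unknown object even though the library supports it. Consider OBJ_txt2nid(), which accepts short names, long names and numerical OIDs, or document that the option takes the short name exactly as the library prints it.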
Hi Jan-Just,
> -Original Message-
> From: Jan Just Keijser [mailto:janj...@nikhef.nl]
> Adriaan de Jong wrote:
> >
> > On 02/07/2012 04:13 PM, Jan Just Keijser wrote:
> >>
> >> +void
> >> +tls_ctx_load_ecdh_params (struct tls_root_ctx *ctx, const char
> *curve_name
> >> +)
> >> +{
Hi Adriaan,
Adriaan de Jong wrote:
Hi Janjust,
I've finally had the time to take a look at this patch with a colleague
who is more familiar with the subject at hand :).
Hope this helps. Please see my comments inline.
Adriaan
On 02/07/2012 04:13 PM, Jan Just Keijser wrote:
Added support
Hi Janjust,
I've finally had the time to take a look at this patch with a colleague
who is more familiar with the subject at hand :).
Hope this helps. Please see my comments inline.
Adriaan
On 02/07/2012 04:13 PM, Jan Just Keijser wrote:
> Added support for Elliptic curves (ECDSA) + SHA2
Alon Bar-Lev wrote:
> This is nice!
>
> Some questions:
>
> 1. Why not enable this automatically if OpenSSL is a sufficient version?
> There is no point in not using this if available.
>
Some distros (notably RedHat) disable EC support by default, so it's
not possible to check the OpenSSL version
This is nice!
Some questions:
1. Why not enable this automatically if OpenSSL is a sufficient version?
There is no point in not using this if available.
2. I would have liked to see this in negotiation as well, so the server will
use EC if supported by the client and fall back if not... This way