Hubert Kario <hka...@redhat.com> writes:

>In my experience, many (12%) servers simply ignore the list of curves
>advertised by the client and use the P-256 curve always.
>
>Some (58%) check if it was advertised and fall back to non-ECDHE if P-256 is
>not advertised.

When I checked, which is a year or two back now, I found similar problems (I
didn't get hard figures but I had the feeling it was a lot higher than 12%,
but then I wasn't conducting a rigorous survey).  Conversely, I found that if
you just ploughed ahead with P-256, things usually worked.  This is what
motivated the use of P-256 in -LTS, it's the de facto standard curve.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
