On Wed, Nov 26, 2025 at 11:28 AM Muhammad Usama Sardar < [email protected]> wrote:
> [ I haven't followed the discussions here; so apologies in advance but > this seems very wrong ] > On 26.11.25 19:59, D. J. Bernstein wrote: > > Recall from RFC 8446 that TLS > 1.3 mandates ECC. > > What exactly do you mean by that? key_share in TLS 1.3 is clearly an > optional extension as marked by * in [0]. Please point me to exact > statement in RFC 8446bis that states that ECC is mandatory. > It's mandatory to implement per: https://www.rfc-editor.org/rfc/rfc8446#section-9.1 A TLS-compliant application MUST support key exchange with secp256r1 (NIST P-256) and SHOULD support key exchange with X25519 [RFC7748]. Of course, from a technical perspective, nothing stops you from choosing not to implement P-256 and as has been pointed out repeatedly, there are no IETF protocol police; you'll just not be compliant with RFC 8446 in this respect. -Ekr
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
