Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).
author Emilia Kasper <emilia@openssl.org>
Wed, 20 May 2015 13:47:51 +0000 (15:47 +0200)
committer Emilia Kasper <emilia@openssl.org>
Wed, 20 May 2015 14:04:37 +0000 (16:04 +0200)
commit f4d1fb776955187a35c3ee36d4413871917c3138
tree cca36d520a0f30e841cdaa938e8eb34fc863b617
parent 10a70da729948bb573d27cef4459077c49f3eb46
Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).

Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else.

The result:

$ openssl s_server -named_curves "auto"

This command will negotiate an ECDHE ciphersuite with P-256:

$ openssl s_client

This command will negotiate P-384:

$ openssl s_client -curves "P-384"

This command will not negotiate ECDHE because P-224 is disabled with "auto":

$ openssl s_client -curves "P-224"

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
CHANGES
ssl/ssltest.c
ssl/t1_lib.c
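
The policy described in the commit message, modelled as an added example (not code from this commit or from OpenSSL): drop curves below 256 bits, put P-256 first, then other prime curves, then binary curves, and negotiate against that list. The curve table is constructed sample data, `rank`, `build_auto` and `negotiate` are hypothetical names, and the "first client curve found on the list" matching rule is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample table; not OpenSSL's curve list or ordering. */
struct curve { const char *name; int bits; int prime; };
static const struct curve known[] = {
    {"K-283", 283, 0}, {"P-224", 224, 1}, {"P-384", 384, 1},
    {"K-233", 233, 0}, {"P-256", 256, 1}, {"P-521", 521, 1},
};
#define NKNOWN (sizeof(known) / sizeof(known[0]))
/* -1: below 256 bits, excluded; 0: P-256; 1: other prime; 2: binary. */
static int rank(const struct curve *c)
{
    if (c->bits < 256) return -1;
    if (strcmp(c->name, "P-256") == 0) return 0;
    return c->prime ? 1 : 2;
}
/* Fill out[] with the modelled "auto" list in preference order. */
size_t build_auto(const char *out[], size_t max)
{
    size_t n = 0;
    for (int r = 0; r <= 2; r++)
        for (size_t i = 0; i < NKNOWN && n < max; i++)
            if (rank(&known[i]) == r)
                out[n++] = known[i].name;
    return n;
}

/* Assumed rule: first client curve that is on the auto list wins.
 * client == NULL models a default client; NULL result means no ECDHE. */
const char *negotiate(const char *const *client, size_t nclient)
{
    const char *srv[NKNOWN];
    size_t ns = build_auto(srv, NKNOWN);
    if (client == NULL) { client = srv; nclient = ns; }
    for (size_t i = 0; i < nclient; i++)
        for (size_t j = 0; j < ns; j++)
            if (strcmp(client[i], srv[j]) == 0)
                return srv[j];
    return NULL;
}

int main(void)
{
    const char *p224[] = {"P-224"};
    const char *got = negotiate(p224, 1);
    printf("default: %s, P-224 only: %s\n", negotiate(NULL, 0), got ? got : "no ECDHE");
    return 0;
}
```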