> > In other words: only use ECDHE if client specifies a curve list. WFM. > > If a client offers ECDHE ciphers with no curve list, one might alternatively > just > use P-256. It is likely better than the other choices. Most clients will > send a > curve list.
Most will, and I'd rather get people off P256 and onto X25519, which is why I prefer no ECDHE unless the client sends a curve list. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev