For the record - this fix has been committed in early August:
master:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5ae8d6bcbaff99423a2608559d738a3fcf7ed6dc
OpenSSL_1_0_0-stable:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bcd092d70606e750d69a04a731c98fe16bb7668d
ssl_prepare_clienthello_tlsext has the following in t1_lib.c around line 1690.
pref_list[] is hard coded and includes some weaker curves. For
example, pref_list[] include NID_secp160r2, which offers 80-bits of
security.
It would be nice to be able to replace the hard coded list with a list
that
On Sun Nov 24 22:00:30 2013, noloa...@gmail.com wrote:
ssl_prepare_clienthello_tlsext has the following in t1_lib.c around
line 1690.
pref_list[] is hard coded and includes some weaker curves. For
example, pref_list[] include NID_secp160r2, which offers 80-bits of
security.
It would be