Kurt, > Please note that for key exchange it's X25519. Ed25519 is for > authentication.
thanks again for the valuable hint. In the meantime, I have downloaded and compiled OpenSSL 1.1.0c for my web server. According to the following and many other articles, OpenSSL 1.1.x should support ed25519 / x25519: https://certsimple.com/blog/safe-curves-and-openssl But if I do ./openssl ecparam -list_curves, I indeed get a long list of supported curves, but no 25519 and no 448 among them. Did they remove it again in the newest version for some reason? Please apologize if I am going off-topic - this question is probably for the OpenSSL mailing list, but on the other hand, it fits perfectly into the discussion here ... Regards, Binarus _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

