2016-04-19 18:13 GMT+02:00 Emeric Brun <[email protected]>:
> I don't know how the curve negotiation works, but I have some questions.
>
> What is the behavior if the SSL_CTX_set_ecdh_auto is used on server side and
> if the client doesn't support the neg.
>
> In other words:
>
> Is it useful to set both SSL_CTX_set_ecdh_auto and SSL_CTX_set_tmp_ecdh (with
> the first one of the list for instance), to ensure the first wanted curve is
> used if client doesn't support the neg.

Not really. In the TLS protocol, there is only one way for a client to
select an elliptic curve, that is using the "supported elliptic curves"
extension. The confusing part is the OpenSSL API. The "old" API, aka
SSL_CTX_set_tmp_ecdh(), allowed only one curve to be selected by the
server. If it was not present in the extension sent by the client, then
bummer, connection error. The new API "SSL_CTX_set_ecdh_auto" supports
real negotiation, as it was always in the design of TLS. Client sends
its curves list in the extension, server tries to find a matching
curve from a list it supports.

There are no clients "not supporting the neg". If the client supports
elliptic curves at all it must send the list in the extension.

-- 
Janusz Dziemidowicz
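
The two server behaviours described in the reply, as an added example (this is not code from the thread or from OpenSSL, and the function names `parse_supported_groups`, `pick_curve_fixed`, `pick_curve_auto` and `negotiate` are assumed here). The model decodes a constructed supported_groups extension body from a ClientHello, then shows why a single configured curve fails when the client did not advertise it, while a server preference list negotiates a match:

```python
"""Model of TLS elliptic-curve negotiation (illustration, not OpenSSL code).

The client advertises the curves it supports in the supported_groups
extension (called "elliptic_curves" in RFC 4492; the wire format is a 2-byte
length followed by 2-byte NamedCurve ids).  The server then either insists on
one curve (the old SSL_CTX_set_tmp_ecdh() behaviour) or picks the first curve
from its own preference list that the client also listed (the
SSL_CTX_set_ecdh_auto() behaviour).
"""
import struct
from typing import List, Optional, Sequence

# IANA NamedCurve ids for the curves used in this example.
NAMED_CURVES = {23: "prime256v1", 24: "secp384r1", 25: "secp521r1"}


class HandshakeFailure(Exception):
    """No curve acceptable to both sides: the handshake is aborted."""


def parse_supported_groups(ext_body: bytes) -> List[str]:
    """Decode the extension_data of a supported_groups extension.

    Unknown ids are kept as "unknown(<id>)" so the server can still see how
    many entries the client sent; a malformed length is rejected outright.
    """
    if len(ext_body) < 2:
        raise ValueError("extension body too short")
    (list_len,) = struct.unpack("!H", ext_body[:2])
    if list_len % 2 or 2 + list_len != len(ext_body):
        raise ValueError("supported_groups length does not match body")
    ids = struct.unpack("!%dH" % (list_len // 2), ext_body[2:])
    return [NAMED_CURVES.get(i, "unknown(%d)" % i) for i in ids]


def pick_curve_fixed(server_curve: str, client_curves: Sequence[str]) -> str:
    """Old API: the server has exactly one curve.  If the client did not
    advertise it there is nothing to negotiate, so the connection fails."""
    if server_curve not in client_curves:
        raise HandshakeFailure(
            "server only offers %s, client sent %s" % (server_curve, list(client_curves)))
    return server_curve


def pick_curve_auto(server_prefs: Sequence[str], client_curves: Sequence[str]) -> str:
    """Auto mode: first curve in the server's preference order that the client
    also advertised (server preference, as OpenSSL applies by default)."""
    offered = set(client_curves)
    for curve in server_prefs:
        if curve in offered:
            return curve
    raise HandshakeFailure(
        "no shared curve between %s and %s" % (list(server_prefs), list(client_curves)))


def negotiate(server_prefs: Sequence[str], ext_body: bytes, ecdh_auto: bool) -> Optional[str]:
    """Run one negotiation; return the agreed curve or None if the
    handshake would fail.  With ecdh_auto off only server_prefs[0] counts,
    which is exactly why combining the two APIs does not buy a fallback."""
    client_curves = parse_supported_groups(ext_body)
    try:
        if ecdh_auto:
            return pick_curve_auto(server_prefs, client_curves)
        return pick_curve_fixed(server_prefs[0], client_curves)
    except HandshakeFailure:
        return None


# Constructed ClientHello extension body: client supports prime256v1 and
# secp384r1 only (length 4, then ids 23 and 24).
CLIENT_EXT = bytes.fromhex("0004" "0017" "0018")

if __name__ == "__main__":
    prefs = ["secp521r1", "secp384r1", "prime256v1"]
    print("client offers:", parse_supported_groups(CLIENT_EXT))
    print("tmp_ecdh(secp521r1):", negotiate(prefs, CLIENT_EXT, ecdh_auto=False))
    print("ecdh_auto:", negotiate(prefs, CLIENT_EXT, ecdh_auto=True))
```

Running it shows the fixed-curve server failing (the client never listed secp521r1) while the auto server settles on secp384r1. On a real OpenSSL server the preference list is set with SSL_CTX_set1_curves_list(); since OpenSSL 1.1.0 automatic selection is always on and SSL_CTX_set_ecdh_auto() remains only as a no-op compatibility macro.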
