On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote:
> Thanks for the hint. The problem is fixed.
>
> Server was setting:
>
> if (SSL_CTX_set1_groups_list(ctx, "X25519:P-256") == 0) {
>     //
> }
>
> The call succeeds.
>
> But the old TLS 1.2 code was setting:
>
> int nid = NID_X9_62_prime256v1;
> EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid);
> if (ecdh == NULL)
> {
>     //error
> }
> SSL_CTX_set_tmp_ecdh(ctx, ecdh);
>
> After disabling this, the server responds with the right group - X25519.
>
Yes that's the problem. By doing that you're replacing the groups list with a single curve.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev