Re: Bug in ssl3_get_client_key_exchange?

[Irina Souiki]

So my understanding is that by default point compression is off. I do 
believe all certificates I have have compressed points. I will not go 
into the debate which is standard or not, but I would suggest having an 
option to enable point compression more user friendly. Can you tell me 
if there is one that I might have missed? Because I'm basically hacking 
the makefile to put that in.

Also I have noticed that the openssl clinet sends a non empty 
CLIENT_KEY_EXCHANGE which makes me believe the default is ECDSA_sign. Do 
you know any details concerning openssl's preference with regards to 
ECDSA_sign vs ECDSA_fixed_ECDH?

Thanks,
Irina
Nils Larsch wrote:
Irina Souiki wrote:
Hi Nils,
I will try to add the patch and recompile tomorrow. The reason I was 
saying the point compression was "enabling" ECC is because without it 
the server cannot load the ECC certificate. Or maybe I am missing 
something...

well if you have a cert with compressed points then you need it
otherwise it shouldn't be necessary
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]