In t1_lib.c if any EC Cipher Suites are specified then TLS extensions are generated that indicate the client supports all three point compression formats and all 25 curves (I noticed the order changes between 1.0.0 and 1.0.1).
It appears there is no way to specify that only a subset should be used? E.g. doesn't Suite B specify two specific ones? Or does Suite B really mean the application MUST implement those two but that any of them are acceptable? Are they all FIPS compliant? Would there be any reason for the client (or server) to restrict these? Also, are there any good references on the relationship between the certificate and usable cipher suites, especially regarding the usage of EC suites with non-EC certs or vice versa? Thanks, Erik ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org