> It appears there is no way to specify that only a subset should be used? >
Yes, this is a know deficiency in the current code. I'm more familiar with the server side, but I think it's similar: if you set up *one* curve, then negotiation should happen accordingly; if you use a callback to provide curves, it will be expected to be able to handle any curve, which is fundamentally broken (a peer could be using a named curve that's not even defined yet). So technically, there is a way to specific that only a subset should be used -- it's just that the subset needs to be of size 0 or 1, which isn't utterly flexible. We should get around to fixing that at some point. Bodo
