On 9/16/16, 11:52, "openssl-dev on behalf of Salz, Rich" 
<openssl-dev-boun...@openssl.org on behalf of rs...@akamai.com> wrote:

>>OpenSSL 1.0.2h also defaults to this curve if there are no curves advertised
>> by client.
>When I made X25519 the default, I didn't think about it.  That was probably a 
>mistake.  Good catch!

I think so.

>> So it is very likely that any client that doesn't advertise curves will 
>> expect the
>> server to select prime256v1. At the same time it is very unlikely that it 
>> will
>> support x25519 (given how new it is).
>Well the major browsers support it now, so once servers start upgrading to 
>1.1.0 it will be less of an issue.  But maybe the community thinks the current 
>behavior is a bug?

Yes I think it is a bug, and would like to see this behavior reverted.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to