> When we added X25519 to BoringSSL, we at the same time started made the 
> server require clients supply a curve list (and otherwise we'd just pick a 
> non-ECDHE cipher), because of this issue. That went in back in December 2015 
> and it's been running just fine. I'd recommend OpenSSL do the same.

In other words:  only use ECDHE if client specifies a curve list.  WFM.

openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to