On Sat, Sep 17, 2016 at 03:46:53PM +0000, Salz, Rich wrote:
> > If a client offers ECDHE ciphers with no curve list, one might
> > alternatively just
> > use P-256. It is likely better than the other choices. Most clients will
> > send a
> > curve list.
> Most will, and I'd rather get people off P256 and onto X25519, which is
> why I prefer no ECDHE unless the client sends a curve list.
I think our responsibility to our users is primarily to provide
the best security we're able, and only secondarily to prod and
nudge them in the direction of progress.
Offering X25519 and making it preferred over P-256 is compatible
with those priorities. Avoiding ECDHE, and using FFDHE or RSA key
exchange (recall that Chrome, e.g., avoids FFDHE) is not IMHO in
the interest of the users, and so is not I think in ours.
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev