On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote:

>     if (SSL_CTX_set1_groups_list(ctx, "P-521:P-384:P-256") == 0) {
>            //error
>     }

If you have the above line you're telling the client to advertise support for
P-521:P-384:P-256 in that order and the server to only use them.

>     The client and server both use SSL_CTX_set1_groups-list to set the
> supported group list.  Right now,  the server always
>     has P-256 in the supported groups extension.
>     When the the groups list is changed to add X25519,  the server responds
> with P-256.   Is there a way to have the server support
>     multiple specified groups.
>     Section 9.1 of the rfc states:
>     "
> A TLS-compliant application MUST support digital signatures with
>    rsa_pkcs1_sha256 (for certificates), rsa_pss_sha256 (for
>    CertificateVerify and certificates), and ecdsa_secp256r1_sha256.  A
>    TLS-compliant application MUST support key exchange with secp256r1
>    (NIST P-256) and SHOULD support key exchange with X25519 [RFC7748
> <https://tools.ietf.org/html/rfc7748>].
>   "

Yes and OpenSSL does support those but there is nothing stopping a server or
client being configured to support a different set of groups.

>   So, having the server support P-256 satisfies the MUST part.  How
> can we support X25519 on the server, or

Use X25519 in the supported group list.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to