Thanks for the hint. The problem is fixed. Server was setting:
if (SSL_CTX_set1_groups_list(ctx, "X25519:P-256") == 0) { // } The call succeeds. But the old TLS 1.2 code was setting: int nid = NID_X9_62_prime256v1; EC_KEY* ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { //error } SSL_CTX_set_tmp_ecdh(ctx, ecdh); After disabling this, the server responds with the right group - X25519. Thanks, Mahesh
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev