On Thu, Jun 13, 2019 at 12:28 PM Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote:
>
> > I got the point: the server certificate is ECDSA with curve secp256r1.
> > It works with RSA certificate and curves
> > secp256r1/secp384r1/secp521r1/x25519/x448.
>
> See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924
>
> When using ECDSA with TLSv1.2, the group list MUST include the group
> used in the certificate. Otherwise, you get no shared cipher as
> you reported.

How about this point in TLSv1.3?
With my testing, the case "ECDSA certificate with curve secp256r1 + named group secp521r1" works fine with OpenSSL s_server and s_client.

> You can *prefer* X25519, but you cannot only offer
> X25519.

Just an intentional test.