sruester <[email protected]> added the comment:
With OpenSSL 1.1.0g, the code

    int nid = OBJ_sn2nid("X25519");
    EC_KEY *key = EC_KEY_new_by_curve_name(nid);
    printf("id:%i key:%p\n", nid, (void *)key);

gives

    id:1034 key:(nil)

EC_KEY_new_by_curve_name is IMHO not the best option to define client-side
curves. It can only select a single curve to be offered to the server, and it
does not (for whatever reason) support X25519 yet.
SSL_CTX_set1_curves_list() provides both: selection of multiple curves for the
client's preference list, and support for X25519 out of the box.
Aside from this I am missing a method in SSLSocket to give me information about
the key exchange (DH, ECDH, which curve was chosen, which bit size DH keys had,
...).
I prepared a pull request which addresses both. Please review and be gentle, it
is my first pull request here :-)
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue32858>
_______________________________________