On Thu, Mar 1, 2012 at 11:28 PM, Erik Tkal et...@me.com wrote:
So then the question is will this be addressed in 1.0.1 or later?
Probably a bit later.
Bodo
-To: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org
openssl-dev@openssl.orgmailto:openssl-dev@openssl.org
Date: Wed, 29 Feb 2012 18:52:11 -0500
To: openssl-dev@openssl.orgmailto:openssl-dev@openssl.org
openssl-dev@openssl.orgmailto:openssl-dev@openssl.org
Subject: Re: Limiting EC curves
On Thu, Mar 1, 2012 at 11:16 AM, Erik Tkal et...@juniper.net wrote:
I looked around and found RFC 5430 - Suite B Profile for Transport Layer
Security (TLS), which states:
RFC 4492 defines a variety of elliptic curves. For cipher suites
defined in this specification, only secp256r1(23)
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behalf Of Bodo Moeller
Sent: Thursday, March 01, 2012 11:52 AM
To: openssl-dev@openssl.org
Subject: Re: Limiting EC curves in ClientHello
On Thu, Mar 1, 2012 at 11:16 AM, Erik Tkal
et...@juniper.netmailto:et
On Thu, Mar 1, 2012 at 4:06 PM, Erik Tkal et...@juniper.net wrote:
You mentioned previously that you can get it to specify none or one curve?
I don’t see how you would specify this, as it appears the client hello
preparation adds all of them is any EC cipher suite is specified?
Oh, sorry, you
So then the question is will this be addressed in 1.0.1 or later?
Erik Tkal
et...@me.com
On Mar 1, 2012, at 5:35 PM, Bodo Moeller wrote:
On Thu, Mar 1, 2012 at 4:06 PM, Erik Tkal et...@juniper.net wrote:
You mentioned previously that you can get it to
It appears there is no way to specify that only a subset should be used?
Yes, this is a know deficiency in the current code. I'm more familiar with
the server side, but I think it's similar: if you set up *one* curve, then
negotiation should happen accordingly; if you use a callback to provide