Re: ECDHE problem with 1.0.2-dev

2013-11-04 Thread Piotr Sikora
Hey Steve,

It picks the highest preference curve supported by both sides, which is usually the strongest curve but it doesn't have to be.

Oh, cool! Thanks for clarifying that, I somehow missed the new functions to set the curves list before.

Best regards,
Piotr Sikora

ECDHE problem with 1.0.2-dev

2013-11-01 Thread Rob Stradling
Hi.

When I build the latest development version of httpd or nginx against the OpenSSL_1_0_2-stable branch, the ECDHE-RSA and ECDHE-ECDSA ciphers don't work.

With both webservers, I can get these ciphers to work by either...

1. Deleting: SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);

Re: ECDHE problem with 1.0.2-dev

2013-11-01 Thread Dr. Stephen Henson
On Fri, Nov 01, 2013, Rob Stradling wrote:

> Hi.
>
> When I build the latest development version of httpd or nginx against the OpenSSL_1_0_2-stable branch, the ECDHE-RSA and ECDHE-ECDSA ciphers don't work.
>
> With both webservers, I can get these ciphers to work by either...
>
> 1. Deleting:

Re: ECDHE problem with 1.0.2-dev

2013-11-01 Thread Piotr Sikora
Hey,

I think it's a bug in OpenSSL 1.0.2. It shouldn't break anything that works in previous versions, at least not without a very good reason. I'll look into it.

I already reported / patched this a while ago (with no response): https://rt.openssl.org/Ticket/Display.html?id=3103

It's the

Re: ECDHE problem with 1.0.2-dev

2013-11-01 Thread Dr. Stephen Henson
On Fri, Nov 01, 2013, Piotr Sikora wrote:

> Hey,
>
> I think it's a bug in OpenSSL 1.0.2. It shouldn't break anything that works in previous versions, at least not without a very good reason. I'll look into it.
>
> I already reported / patched this a while ago (with no response):