> When we added X25519 to BoringSSL, we at the same time started made the
> server require clients supply a curve list (and otherwise we'd just pick a
> non-ECDHE cipher), because of this issue. That went in back in December 2015
> and it's been running just fine. I'd recommend OpenSSL do the sa
On Sat, Sep 17, 2016 at 02:35:20PM +, Salz, Rich wrote:
> > When we added X25519 to BoringSSL, we at the same time started made the
> > server require clients supply a curve list (and otherwise we'd just pick
> > a non-ECDHE cipher), because of this issue. That went in back in December
> > 201
> > In other words: only use ECDHE if client specifies a curve list. WFM.
>
> If a client offers ECDHE ciphers with no curve list, one might alternatively
> just
> use P-256. It is likely better than the other choices. Most clients will
> send a
> curve list.
Most will, and I'd rather get p
On Sat, Sep 17, 2016 at 03:46:53PM +, Salz, Rich wrote:
> > If a client offers ECDHE ciphers with no curve list, one might
> > alternatively just
> > use P-256. It is likely better than the other choices. Most clients will
> > send a
> > curve list.
>
> Most will, and I'd rather get peopl
On Sat, Sep 17, 2016 at 12:06 PM Viktor Dukhovni
wrote:
> On Sat, Sep 17, 2016 at 03:46:53PM +, Salz, Rich wrote:
>
> > > If a client offers ECDHE ciphers with no curve list, one might
> alternatively just
> > > use P-256. It is likely better than the other choices. Most clients
> will send
Hi,
Commands which execute normally with OpenSSL 1.0.2h fail in OpenSSL
1.1.0. Presumably after the "Big apps cleanup (option-parsing, etc)",
Options after parameters are no longer interpreted. For example,
'openssl dhparam 128 -out /dev/null' used to discard the DH params
output, but since 1.0.2
On Sat Sep 17 17:54:11 2016, pe...@lekensteyn.nl wrote:
> Hi,
>
> Commands which execute normally with OpenSSL 1.0.2h fail in OpenSSL
> 1.1.0. Presumably after the "Big apps cleanup (option-parsing, etc)",
>
> Options after parameters are no longer interpreted. For example,
> 'openssl dhparam 128 -