AIUI, OpenSSL's default highest preference curve is sect571r1 (aka B-571). See [1] and [2].

The result of calling OpenSSL's recommended SSL_CTX_set_ecdh_auto(ctx, 1) function is that "the highest preference curve is automatically used for ECDH temporary keys used during key exchange." [3]

And sure enough, when my SSL scanner (an OpenSSL-based client) scans itself (an httpd/mod_ssl/OpenSSL-based server) [4], it reports that sect571r1 is used. I haven't explicitly configured it to use this curve. In fact, I would reconfigure it to use secp256r1 if I could find a mod_ssl directive that would let me do that.

So I'm wondering if most people using sect571r1 are using it simply because it's a default setting that they can't change, not because they have a particularly strong desire to use it.

+1 to dropping sect571r1 and to Tony's suggestion of further trimming the curve list.


[1] https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.1l

[2] https://www.ssllabs.com/ssltest/viewClient.html?name=OpenSSL&version=1.0.2

[3] http://openssl.org/docs/ssl/SSL_CTX_set_ecdh_auto.html

[4] https://sslanalyzer.comodoca.com/?url=sslanalyzer.comodoca.com

On 15/07/15 22:42, Dave Garrett wrote:
> On Wednesday, July 15, 2015 05:39:26 pm Dave Garrett wrote:
>> It's the most used of the rarely used curves.
>
> This statement is potentially confusing, actually, because in comparison to P256 _everything_ is rarely used when it comes to ECDHE.
>
>
> Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
