[openssl-users] How to choose ECDH and ECDHE with curve more than 192
Rakesh T
rakesht at cdac.in
Sun Jun 19 14:56:40 UTC 2016
Got this solved while updating, as the latest openssl version has a minimum
curve value of P-256.
Thanks & Regards
Raakesh. T
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Rakesh T
Sent: 17 June 2016 10:32
To: openssl-users at openssl.org
Cc: wiki at openssl.org
Subject: [openssl-users] How to choose ECDH and ECDHE with curve more than
192
Hi,
I am using tomcat server, where I came across a situation where the
TestSSLServer (http://www.bolet.org/TestSSLServer/) tool reports the below.
Highly appreciate your expertise in recommending a solution to the finding,
where I can choose an ECDH curve size greater than 192. In the server the
suites are just ECDH or ECDHE. I wonder how to restrict the curve value for
the EC.
How can I resolve this at the server end?
Minimum EC size (no extension): 256
Minimum EC size (with extension): 160
Supported curves (size and name) ('*' = selected by server):
162 sect163k1 (K-163)
162 sect163r1
162 sect163r2 (B-163)
192 sect193r1
192 sect193r2
231 sect233k1 (K-233)
232 sect233r1 (B-233)
237 sect239k1
281 sect283k1 (K-283)
282 sect283r1 (B-283)
407 sect409k1 (K-409)
408 sect409r1 (B-409)
569 sect571k1 (K-571)
570 sect571r1 (B-571)
160 secp160k1
160 secp160r1
160 secp160r2
192 secp192k1
192 secp192r1 (P-192)
224 secp224k1
224 secp224r1 (P-224)
256 secp256k1
* 256 secp256r1 (P-256)
384 secp384r1 (P-384)
521 secp521r1 (P-521)
=========================================
WARN[SK004]: Server supports ECDH parameters smaller than 192 bits
Thanks and highly appreciate your advice.
Thanks & Regards
Raakesh. T
----------------------------------------------------------------------------
---------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]
This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
----------------------------------------------------------------------------
---------------------------------------------------
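Added example, not part of the original message and not code from TestSSLServer: a small Python check that parses the "Supported curves" section of a report in the layout quoted above and lists the curves below a chosen minimum size, so a scan taken after an upgrade can be compared against the earlier one. The function names and the sample report are constructed for illustration.

```python
import re

# Constructed sample in the layout of the TestSSLServer report quoted above.
SAMPLE_REPORT = """\
Minimum EC size (no extension):   256
Minimum EC size (with extension): 160
Supported curves (size and name) ('*' = selected by server):
    162   sect163k1 (K-163)
    160   secp160r1
    192   secp192r1 (P-192)
    224   secp224r1 (P-224)
  * 256   secp256r1 (P-256)
    384   secp384r1 (P-384)
=========================================
WARN[SK004]: Server supports ECDH parameters smaller than 192 bits
"""

# Optional '*' marker, size in bits, curve name, optional alias in parentheses.
CURVE_LINE = re.compile(r"^\s*(\*)?\s*(\d+)\s+(\S+)(?:\s+\((\S+)\))?\s*$")

def parse_curves(report):
    """Return [(size_bits, name, selected_by_server)] from the curve section."""
    curves, in_section = [], False
    for line in report.splitlines():
        if line.startswith("Supported curves"):
            in_section = True
            continue
        if in_section:
            m = CURVE_LINE.match(line)
            if not m:
                break  # separator line or next section ends the list
            curves.append((int(m.group(2)), m.group(3), m.group(1) is not None))
    return curves

def weak_curves(report, min_bits=192):
    """Curves the server accepted whose reported size is below min_bits."""
    return [c for c in parse_curves(report) if c[0] < min_bits]

def selected_curve(report):
    """The curve marked '*' (chosen by the server), or None."""
    return next((c for c in parse_curves(report) if c[2]), None)

if __name__ == "__main__":
    for bits, name, _ in weak_curves(SAMPLE_REPORT, min_bits=256):
        print(f"below policy minimum: {name} ({bits} bits)")
    print("server preference:", selected_curve(SAMPLE_REPORT))
```

The default threshold of 192 mirrors the SK004 warning in the report; pass `min_bits=256` to check against a P-256 floor.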