Is X25519/X448 supported for TLSv1.2?
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Jun 12 08:33:41 UTC 2019
On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote:
> Using OpenSSL 1.1.1.
> Just want to confirm that if OpenSSL supports curves X25519 and X448 for
> TLSv1.2.
Yes, it does.
> Tried below commands,
> openssl s_server -trace -state -cert server.cer -key server.key -accept port
> openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect localhost:port
With same commands, using OpenSSL 1.1.1c, I get:
CONNECTION ESTABLISHED
Protocol version: TLSv1.2
Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
Peer certificate:
Hash used: SHA256
Signature type: RSA-PSS
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Server Temp Key: X25519, 253 bits
Perhaps your s_client is not the one from 1.1.1 or it is dynamically
linked against 1.1.0 libraries...
--
Viktor.
More information about the openssl-users
mailing list