Is X25519/X448 supported for TLSv1.2?

John Jiang john.sha.jiang at gmail.com
Wed Jun 12 09:31:30 UTC 2019


On Wed, Jun 12, 2019 at 4:34 PM Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

> On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote:
>
> > Using OpenSSL 1.1.1.
> > Just want to confirm whether OpenSSL supports curves X25519 and X448 for
> > TLSv1.2.
>
> Yes, it does.
>
> > Tried below commands,
> > openssl s_server -trace -state -cert server.cer -key server.key -accept port
> > openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect localhost:port
>
> With same commands, using OpenSSL 1.1.1c, I get:
>
>     CONNECTION ESTABLISHED
>     Protocol version: TLSv1.2
>     Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
>     Peer certificate:
>     Hash used: SHA256
>     Signature type: RSA-PSS
>     Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
>     Server Temp Key: X25519, 253 bits
>
> Perhaps your s_client is not the one from 1.1.1 or it is dynamically
> linked against 1.1.0 libraries...
>
My s_client can support TLSv1.3, so it should not be from any pre-1.1.1
version.
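
The two checks discussed in this thread, as an added shell example that is not part of the original messages or of OpenSSL: confirming from a connection summary that TLSv1.2 negotiated X25519, and spotting a binary running against a different library version. The function names `check_kex` and `library_mismatch` are hypothetical, and the sample texts are constructed in the format quoted above.

```shell
# Added example; the sample texts below are constructed, not captured output.
SAMPLE_OK='    Protocol version: TLSv1.2
    Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
    Server Temp Key: X25519, 253 bits'
SAMPLE_OTHER='    Protocol version: TLSv1.2
    Server Temp Key: ECDH, P-256, 256 bits'
SAMPLE_VERSION='OpenSSL 1.1.1c  28 May 2019 (Library: OpenSSL 1.1.0j  20 Nov 2018)'

# check_kex PROTO GROUP < summary
# 0 = negotiated as expected, 1 = something else negotiated, 2 = fields missing.
check_kex() {
    summary=$(cat)
    proto=$(printf '%s\n' "$summary" |
        sed -n 's/^[> ]*Protocol version: *//p' | head -n 1)
    group=$(printf '%s\n' "$summary" |
        sed -n 's/^[> ]*Server Temp Key: *\(.*\), [0-9]* bits.*$/\1/p' | head -n 1)
    group=${group#ECDH, }   # NIST curves print as "ECDH, P-256, 256 bits"
    if [ -z "$proto" ] || [ -z "$group" ]; then
        echo "incomplete: protocol='$proto' group='$group'"
        return 2
    fi
    if [ "$proto" = "$1" ] && [ "$group" = "$2" ]; then
        echo "ok: $proto with $group"
        return 0
    fi
    echo "mismatch: got $proto with $group, wanted $1 with $2"
    return 1
}

# library_mismatch "$(openssl version)"
# `openssl version` appends "(Library: ...)" when the libcrypto loaded at run
# time differs from the one the binary was built against; print that library.
library_mismatch() {
    case $1 in
        *"(Library: "*)
            lib=${1#*"(Library: "}
            echo "${lib%\)*}"
            return 0 ;;
    esac
    return 1
}
```

To use it on a live test, pipe the summary printed for the connection into `check_kex TLSv1.2 X25519` and pass the output of `openssl version` to `library_mismatch`.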