Is X25519/X448 supported for TLSv1.2?

Viktor Dukhovni openssl-users at dukhovni.org
Fri Jun 14 01:44:46 UTC 2019


On Fri, Jun 14, 2019 at 09:05:32AM +0800, John Jiang wrote:

> > See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924
> >
> > When using ECDSA with TLSv1.2, the group list MUST include the group
> > used in the certificate.  Otherwise, you get no shared cipher as
> > you reported.
> 
> How about this point in TLSv1.3?
> With my testing, the case "ECDSA certificate with curve secp256r1 + named
> group secp521r1" work fine with OpenSSL s_server and s_client.

In TLS 1.3, the "supported groups" extension restricts the curves
used in the key exchange:

  https://tools.ietf.org/html/rfc8446#section-4.2.7

The curves used for signing are covered by "signature algorithms":

    https://tools.ietf.org/html/rfc8446#section-4.2.3

Which should, if I am not mistaken, allow an ECDSA certificate to
be used with a "supported groups" list that does not list the curve
associated with the certificate.

-- 
	Viktor.


More information about the openssl-users mailing list