list supported groups and curves
Jordan Brown
openssl at jordan.maileater.net
Thu Feb 22 21:22:07 UTC 2024
On 2/22/2024 12:48 PM, Jordan Brown wrote:
> The C way is using EC_get_builtin_curves()
> <https://www.openssl.org/docs/man3.0/man3/EC_get_builtin_curves.html>.

But caution: I found that not all of the curves returned were actually
usable. I don't remember the details, but I found that several could
not be used to create keys, and a few could be used to create keys but
then could not be used to sign certificate signing requests. And
Oakley-EC2N-4 appeared particularly toxic; it appeared to corrupt
memory. I derived a usable-curves list by attempting to build keys with
each, and then attempting to build CSRs with each, plus manual filtering
for the Oakley curve.

It may be relevant that I am using OpenSSL 3.0.x in FIPS-140 mode.
(Don't know what micro. I'm on 12 now, but did the curve work several
months ago.)

--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
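
The trial-based filtering described in the message above, sketched with the openssl command-line tool rather than the C API. This is an added example, not part of the original post and not the author's code; the function names, the EXCLUDED variable, the /CN=curve-probe subject and the choice of `genpkey` and `req` as the key and CSR steps are assumptions.

```shell
#!/bin/sh
# Added example: derive a usable-curve list by trial instead of trusting the listing.
# EXCLUDED is the manual filter; the post names only Oakley-EC2N-4.
EXCLUDED="Oakley-EC2N-4"

# Extract curve short names from `openssl ecparam -list_curves` output on stdin.
# Name lines start with two spaces; wrapped description lines start with a tab.
curve_names() {
    sed -n 's/^  \([A-Za-z0-9_-]*\) *:.*$/\1/p'
}

# Succeeds if the curve is on the manual exclusion list (it is never attempted).
is_excluded() {
    for x in $EXCLUDED; do
        [ "$x" = "$1" ] && return 0
    done
    return 1
}

# Print one of: excluded, no-key, no-csr, usable. $2 is a scratch directory.
classify_curve() {
    curve=$1 dir=$2
    if is_excluded "$curve"; then echo excluded; return 0; fi
    rm -f "$dir/key.pem" "$dir/csr.pem"
    # Step 1: can a key be generated on this curve?
    if ! openssl genpkey -algorithm EC -pkeyopt "ec_paramgen_curve:$curve" \
            -out "$dir/key.pem" >/dev/null 2>&1; then
        echo no-key; return 0
    fi
    # Step 2: can that key sign a certificate signing request?
    if ! openssl req -new -key "$dir/key.pem" -subj "/CN=curve-probe" \
            -out "$dir/csr.pem" >/dev/null 2>&1; then
        echo no-csr; return 0
    fi
    echo usable
}

# Probe every curve the local build lists; print "<curve> <result>" per line.
probe_all() {
    dir=$(mktemp -d) || return 1
    openssl ecparam -list_curves | curve_names | while read -r c; do
        printf '%s %s\n' "$c" "$(classify_curve "$c" "$dir")"
    done
    rm -rf "$dir"
}

# Run the probe only when asked, e.g.:  sh probe_curves.sh run
if [ "${1:-}" = "run" ]; then probe_all; fi
```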