[openssl-dev] X25519 is the default curve for ECDHE in OpenSSL 1.1.0
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Fri Sep 16 15:57:21 UTC 2016
On 9/16/16, 11:52, "openssl-dev on behalf of Salz, Rich" <openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com> wrote:
>>OpenSSL 1.0.2h also defaults to this curve if there are no curves advertised
>> by client.
>
>When I made X25519 the default, I didn't think about it. That was probably a mistake. Good catch!
I think so.
>
>> So it is very likely that any client that doesn't advertise curves will expect the
>> server to select prime256v1. At the same time it is very unlikely that it will
>> support x25519 (given how new it is).
>
>Well the major browsers support it now, so once servers start upgrading to 1.1.0 it will be less of an issue. But maybe the community thinks the current behavior is a bug?
Yes, I think it is a bug, and would like to see this behavior reverted.