[openssl-dev] X25519 is the default curve for ECDHE in OpenSSL 1.1.0

Viktor Dukhovni openssl-users at dukhovni.org
Sat Sep 17 14:50:29 UTC 2016


On Sat, Sep 17, 2016 at 02:35:20PM +0000, Salz, Rich wrote:

> > When we added X25519 to BoringSSL, we at the same time made the
> > server require clients supply a curve list (and otherwise we'd just pick
> > a non-ECDHE cipher), because of this issue. That went in back in December
> > 2015 and it's been running just fine. I'd recommend OpenSSL do the same.
> 
> In other words:  only use ECDHE if client specifies a curve list.  WFM.

If a client offers ECDHE ciphers with no curve list, one might
alternatively just use P-256.  It is likely better than the other
choices.  Most clients will send a curve list.

-- 
	Viktor.
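The two server policies discussed in this thread, as an added example that is not code from OpenSSL, BoringSSL or any of the thread's participants. It models the server's choice for a ClientHello that offers ECDHE cipher suites but omits the supported_groups (formerly "elliptic curves") extension: the BoringSSL approach quoted above (no curve list, no ECDHE, fall through to a non-ECDHE suite) beside the alternative in the reply (assume P-256). The NamedGroup code points are the IANA TLS registry values and the suite names are OpenSSL's; the server preference order (X25519 first, then P-256) and the suite list are assumed configuration for the demo, not OpenSSL's built-in defaults.

```python
# Added example (not OpenSSL or BoringSSL code): a model of server-side ECDHE
# group negotiation showing the two policies discussed for a ClientHello that
# offers ECDHE cipher suites but carries no supported_groups extension.
from typing import List, Optional, Sequence, Tuple

# NamedGroup code points from the IANA TLS registry (RFC 8422 / RFC 8446).
X25519 = 0x001D
SECP256R1 = 0x0017  # NIST P-256
SECP384R1 = 0x0018  # NIST P-384
SECP521R1 = 0x0019  # NIST P-521

# Assumed server preferences (a hypothetical configuration, not OpenSSL's
# built-in defaults): X25519 first, P-256 next, as the thread's subject describes.
SERVER_GROUP_PREFERENCE: Tuple[int, ...] = (X25519, SECP256R1, SECP384R1, SECP521R1)
SERVER_SUITE_PREFERENCE: Tuple[str, ...] = (
    "ECDHE-RSA-AES128-GCM-SHA256",  # ephemeral ECDH: forward secrecy, preferred
    "AES128-GCM-SHA256",            # static RSA key exchange: fallback only
)

# Policies for "ECDHE offered, no supported_groups extension".
REQUIRE_LIST = "require-list"  # BoringSSL approach: no list, no ECDHE; pick a non-ECDHE suite
ASSUME_P256 = "assume-p256"    # alternative from the reply: treat the client as P-256 capable


def parse_supported_groups(ext_body: bytes) -> List[int]:
    """Parse a supported_groups extension body: a 2-byte big-endian length
    followed by that many bytes of 2-byte NamedGroup code points (RFC 8422 5.1.1).
    Rejects truncated, odd-length and empty lists instead of guessing."""
    if len(ext_body) < 2:
        raise ValueError("supported_groups: truncated length field")
    list_len = int.from_bytes(ext_body[:2], "big")
    body = ext_body[2:]
    if list_len == 0 or list_len % 2 != 0 or list_len != len(body):
        raise ValueError("supported_groups: inconsistent list length")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, list_len, 2)]


def select_group(client_groups: Optional[Sequence[int]], policy: str) -> Optional[int]:
    """Pick the ECDHE group, or None meaning 'ECDHE is not usable'.
    client_groups is None when the extension was absent, which is where the
    two policies differ; with a list present, server preference order decides."""
    if client_groups is None:
        if policy == REQUIRE_LIST:
            return None
        if policy == ASSUME_P256:
            return SECP256R1
        raise ValueError(f"unknown policy {policy!r}")
    offered = set(client_groups)
    for group in SERVER_GROUP_PREFERENCE:
        if group in offered:
            return group
    return None  # no group in common: ECDHE cannot proceed


def negotiate(client_suites: Sequence[str], groups_ext: Optional[bytes],
              policy: str) -> Tuple[str, Optional[int]]:
    """Choose (cipher suite, ECDHE group) for one ClientHello.  ECDHE suites
    are skipped when no group could be agreed, so the server falls through to
    a non-ECDHE suite rather than sending a curve the client may not support."""
    client_groups = parse_supported_groups(groups_ext) if groups_ext is not None else None
    group = select_group(client_groups, policy)
    offered = set(client_suites)
    for suite in SERVER_SUITE_PREFERENCE:
        if suite not in offered:
            continue
        if suite.startswith("ECDHE-"):
            if group is None:
                continue
            return suite, group
        return suite, None
    raise ValueError("no shared cipher suite")


# Constructed ClientHello fragments for the demo (not captured traffic).
CLIENT_SUITES = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256"]
GROUPS_X25519_P256 = bytes([0x00, 0x04, 0x00, 0x1D, 0x00, 0x17])  # list: X25519, P-256

if __name__ == "__main__":
    print("curve list present  :", negotiate(CLIENT_SUITES, GROUPS_X25519_P256, REQUIRE_LIST))
    print("no list, require    :", negotiate(CLIENT_SUITES, None, REQUIRE_LIST))
    print("no list, assume P256:", negotiate(CLIENT_SUITES, None, ASSUME_P256))
```

With a curve list present both policies behave the same and the server's first common group (X25519 here) wins. They differ only on the list-less client: `REQUIRE_LIST` gives up forward secrecy for that connection but can never pick a curve the client lacks, while `ASSUME_P256` keeps ECDHE on the bet, made in the reply above, that P-256 is the one curve such a client almost certainly implements.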

