[openssl-dev] X25519 is the default curve for ECDHE in OpenSSL 1.1.0
Salz, Rich
rsalz at akamai.com
Sat Sep 17 15:46:53 UTC 2016
> > In other words: only use ECDHE if client specifies a curve list. WFM.
>
> If a client offers ECDHE ciphers with no curve list, one might alternatively just
> use P-256. It is likely better than the other choices. Most clients will send a
> curve list.
Most will, and I'd rather get people off P256 and onto X25519, which is why I prefer no ECDHE unless the client sends a curve list.
More information about the openssl-dev
mailing list