[openssl-dev] rejecting elliptic_curves/supported_groups in ServerHello (new behavior in master/1.1.1 vs 1.1.0)
Dr. Stephen Henson
steve at openssl.org
Wed Oct 4 19:49:27 UTC 2017
On Wed, Oct 04, 2017, Mahesh Bhoothapuri wrote:
> I am attaching a pcap where I set the supported list to contain X25519.
> The client extension contains X25519. However, the server still responds
> with keyshare extension secp256r1 in a hello retry request.
>
Are you calling SSL_CTX_set1_groups_list() including X25519 on the server too?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list