[openssl-users] Failure using ECDH-RSA-AES256-SHA with ssl3 on Master Branch

Matt Caswell matt at openssl.org
Mon Mar 23 13:48:52 UTC 2015



On 23/03/15 13:45, Viktor Dukhovni wrote:
> On Mon, Mar 23, 2015 at 01:01:29PM +0000, Matt Caswell wrote:
> 
>>> As Viktor states RFC 4492 says if the client sends no TLS extension
>>> containing the curves supported then the server can choose any supported
>>> curve. So your fix is to continue when we reach the second iteration if
>>> there are no curves in the second list rather than flag an error.
>>
>> Essentially yes, although with the refinement that the first iteration
>> checks the list of available curves for this SSL. This may or may not be
>> the same as the complete list of curves available in this *build* (e.g.
>> if SSL_set1_curves_list() has been used).
> 
> I would expect that a client sending an *empty* list of supported
> curves means no curves are supported by the client, and the server
> would not enable EC.  The case where the server is free to choose
> any curve is presumably when the client does not send a supported
> curves extension at all.

It is not valid to send an empty list. If the client uses the extension
then they *must* set at least one curve. Therefore if the client list is
empty then it can only be because the extension was not used.

Matt



More information about the openssl-users mailing list