[openssl-users] OpenSSL 1.0.1 branch : setting Diffie Hellman Elliptic curve name via SSL_set_tmp_ecdh and EC_KEY_new_by_curve_name
sreeees at gmail.com
Thu Nov 3 11:30:51 UTC 2016
In our project, we are currently supporting two branches of OpenSSL (1.0.1
Recently we had a requirement to enable elliptic curve Diffie Hellman, we
see that in
OpenSSL 1.0.2 branch, we can use the below function to enable ECDH
/* Set automatic curve selection for server ssl to onoff.If onoff is 1 then
the highest preference curve is automatically used for ECDH temporary keys
used during key exchange. */
However in OpenSSL 1.0.1 the ECDH curve name has to be explicitly set by
the calling function. We researched about this and in one of the examples
in OpenSSL wiki at
we have found that *"**NID_X9_62_prime256v1" *is used.
Hence for OpenSSL 1.0.1, we have the implementation as below
sECDH = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); // secp256r1 curve
- referred as prime256v1
However we are wondering, whether there is any recommendation for the
choice of the named elliptic curve. Is any particular recommended ? Any
suggestions in this regard is much appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users