[openssl-users] Curves and ECDHParameters

Joseph Christopher Sible jcsible at cert.org
Tue Sep 11 20:55:36 UTC 2018

What exactly are each of "Curves" and "ECDHParameters" used for, as
documented by https://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html?

My understanding of elliptic curves in TLS is that they're used in two
places: as ECDSA key pairs used in certificates, and in ECDHE for key
exchange. (Are there more uses I'm not aware of?)

I know the curve used for ECDSA is a property of the key pair associated
with the certificate, so it doesn't make sense to be a setting controlled
at runtime. My best guess is that the curve for ECDHE is controlled by
ECDHParameters. Given all of this, I can't figure out what's left for the
"Curves" parameter to control.

Are my above assumptions right? If so, what does "Curves" control?

Joseph C. Sible

More information about the openssl-users mailing list