[openssl-users] Curves and ECDHParameters
Joseph Christopher Sible
jcsible at cert.org
Tue Sep 11 20:55:36 UTC 2018
What exactly are each of "Curves" and "ECDHParameters" used for, as
documented by https://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html?
My understanding of elliptic curves in TLS is that they're used in two
places: as ECDSA key pairs used in certificates, and in ECDHE for key
exchange. (Are there more uses I'm not aware of?)
I know the curve used for ECDSA is a property of the key pair associated
with the certificate, so it doesn't make sense to be a setting controlled
at runtime. My best guess is that the curve for ECDHE is controlled by
ECDHParameters. Given all of this, I can't figure out what's left for the
"Curves" parameter to control.
Are my above assumptions right? If so, what does "Curves" control?
Joseph C. Sible
More information about the openssl-users