[openssl-users] Curves and ECDHParameters
openssl-users at dukhovni.org
Tue Sep 11 22:41:36 UTC 2018
> On Sep 11, 2018, at 6:20 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> The 1.0.2 documentation for "ECDHParameters" explains that this is
> server-side setting to select a particular *fixed* ECDHE curve.
> This is a legacy feature that predates negotiation of the curve
> used based on the client's extension.
That said, in 1.0.2, it may be necessary to set "ECDHParameters" to
"Automatic" in order to enable ECDHE with Curve negotiation based
on the (separately specified) Curves. I am not sure whether
automatic ECDHE is on by default in 1.0.2, IIRC it may not be.
More information about the openssl-users