Is X25519/X448 supported for TLSv1.2?

Viktor Dukhovni openssl-users at
Wed Jun 12 08:33:41 UTC 2019

On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote:

> Using OpenSSL 1.1.1.
> Just want to confirm that if OpenSSL supports curves X25519 and X448 for
> TLSv1.2.

Yes, it does.

> Tried below commands,
> openssl s_server -trace -state -cert server.cer -key server.key -accept port
> openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect localhost:port

With same commands, using OpenSSL 1.1.1c, I get:

    Protocol version: TLSv1.2
    Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
    Peer certificate:
    Hash used: SHA256
    Signature type: RSA-PSS
    Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
    Server Temp Key: X25519, 253 bits

Perhaps your s_client is not the one from 1.1.1 or it is dynamically
linked against 1.1.0 libraries...


More information about the openssl-users mailing list