Is X25519/X448 supported for TLSv1.2?

Viktor Dukhovni openssl-users at
Thu Jun 13 04:27:56 UTC 2019

On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote:

> I got the point: the server certificate is ECDSA with curve secp256r1.
> It works with RSA certificate and curves
> sepc256r1/sepc384r1/sepc521r1/x25519/x448.


When using ECDSA with TLSv1.2, the group list MUST include the group
used in the certificate.  Otherwise, you get no shared cipher as
you reported.  You can *prefer* X25519, but you cannot only offer


More information about the openssl-users mailing list