Is X25519/X448 supported for TLSv1.2?

John Jiang john.sha.jiang at gmail.com
Fri Jun 14 01:05:32 UTC 2019


On Thu, Jun 13, 2019 at 12:28 PM Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

> On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote:
>
> > I got the point: the server certificate is ECDSA with curve secp256r1.
> > It works with RSA certificate and curves
> > secp256r1/secp384r1/secp521r1/x25519/x448.
>
> See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924
>
> When using ECDSA with TLSv1.2, the group list MUST include the group
> used in the certificate.  Otherwise, you get no shared cipher as
> you reported.

How about this point in TLSv1.3?
With my testing, the case "ECDSA certificate with curve secp256r1 + named
group secp521r1" works fine with OpenSSL s_server and s_client.


> You can *prefer* X25519, but you cannot only offer
> X25519.
>
Just an intentional test.
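
An added example, not part of the original message and not OpenSSL code: a simplified Python model of the rule discussed in this thread, useful for checking a planned group list against a server certificate. The function name, its parameters and the sample signature-algorithm list are assumptions; the model goes beyond the thread in stating that TLS 1.3 ties an ECDSA certificate's curve to the signature scheme (RFC 8446) rather than to the group list.

```python
# Added example: simplified model of the certificate/group-list check.
# Not OpenSSL code; names and structure are assumptions for illustration.

# TLS 1.3 ECDSA signature schemes each bind exactly one curve (RFC 8446).
TLS13_ECDSA_SCHEME = {
    "secp256r1": "ecdsa_secp256r1_sha256",
    "secp384r1": "ecdsa_secp384r1_sha384",
    "secp521r1": "ecdsa_secp521r1_sha512",
}

# Constructed sample of a client's signature_algorithms list.
SAMPLE_SIGALGS = ["ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256"]


def check_handshake(version, cert_key, cert_curve, groups, sigalgs):
    """Return (ok, key_exchange_group, reason) for one server certificate.

    version    -- "TLSv1.2" or "TLSv1.3"
    cert_key   -- "RSA" or "ECDSA"
    cert_curve -- curve of an ECDSA key, None for RSA
    groups     -- client's group list, in preference order
    sigalgs    -- client's signature_algorithms
    """
    if not groups:
        return False, None, "no group available for (EC)DHE"
    kex = groups[0]  # assumption: server accepts the client's first choice

    if cert_key == "RSA":
        # The group list only drives the key exchange.
        if any(s.startswith("rsa_") for s in sigalgs):
            return True, kex, "RSA certificate, any shared group works"
        return False, None, "no suitable signature algorithm"

    if version == "TLSv1.2":
        # The group list also constrains the ECDSA certificate's curve.
        if cert_curve not in groups:
            return False, None, "no shared cipher: cert curve not in group list"
        if any(s.startswith("ecdsa_") for s in sigalgs):
            return True, kex, "cert curve is in the group list"
        return False, None, "no suitable signature algorithm"

    # TLS 1.3: the certificate curve is matched via signature_algorithms only.
    scheme = TLS13_ECDSA_SCHEME.get(cert_curve)
    if scheme not in sigalgs:
        return False, None, "no suitable signature algorithm"
    return True, kex, "curve bound by " + scheme
```
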