Is X25519/X448 supported for TLSv1.2?
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jun 14 01:44:46 UTC 2019
On Fri, Jun 14, 2019 at 09:05:32AM +0800, John Jiang wrote:
> > See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924
> >
> > When using ECDSA with TLSv1.2, the group list MUST include the group
> > used in the certificate. Otherwise, you get no shared cipher as
> > you reported.
>
> How about this point in TLSv1.3?
> With my testing, the case "ECDSA certificate with curve secp256r1 + named
> group secp521r1" work fine with OpenSSL s_server and s_client.
In TLS 1.3, the "supported groups" extension restricts the curves
used in the key exchange:
https://tools.ietf.org/html/rfc8446#section-4.2.7
The curves used for signing are covered by "signature algorithms":
https://tools.ietf.org/html/rfc8446#section-4.2.3
Which should, if I am not mistaken, allow an ECDSA certificate to
be used with a "supported groups" list that does not list the curve
associated with the certificate.
--
Viktor.
More information about the openssl-users
mailing list