any subtleties about OCSP in TLS1.3 with ecdh curves?

Sam Roberts vieuxtech at
Mon Jun 24 21:34:14 UTC 2019

Node.js has a bug report and repro of ocsp status not being sent from
a node server to the openssl CLI when TLS1.3 is being used, but only
when server is setting an ecdh curve, with SSL_CTX_set1_curves_list()

repro is

TLS trace of success is,
and of failure is

I hacked up node a bit, and it does look like in both cases the same
API interactions between node and openssl are occurring, at least with
respect to the cb from SSL_set_cert_cb() is happening, after which
time we save some data, and then we call
SSL_set_tlsext_status_ocsp_resp() with that data.

AFAICT, with SSL_CTX_set1_curves_list() called, the ocsp data never
shows up in the server response.

I'm not sure what to look at next, does anybody have ideas?


More information about the openssl-users mailing list