Difficulty in understanding TLS1.3 APIs in OpenSSL 1.1.1

Hubert Kario hkario at redhat.com
Mon May 27 12:53:42 UTC 2019

On Monday, 27 May 2019 12:11:44 CEST Matt Caswell wrote:
> On 27/05/2019 10:26, Raja Ashok wrote:
> > *2) Configuring supported groups and temp ECDHE:* Configuring temp ECDHE
> > using /SSL_set_tmp_ECDH()/ configures the corresponding curve ID as
> > supported groups. So calling first /SSL_set1_groups()/ and then
> > calling/SSL_set_tmp_ECDH()/ resets the configured groups using
> > /SSL_set1_groups()/.
> SSL_set_tmp_ECDH() is the old way of doing things (we should probably
> deprecate this). You shouldn't need to call this at all. Just use
> SSL_set1_groups.

filed https://github.com/openssl/openssl/issues/9014 to track this

probably "good first issue"?
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190527/ab954377/attachment-0001.sig>

More information about the openssl-users mailing list