Difficulty in understanding TLS1.3 APIs in OpenSSL 1.1.1
Hubert Kario
hkario at redhat.com
Mon May 27 12:53:42 UTC 2019
On Monday, 27 May 2019 12:11:44 CEST Matt Caswell wrote:
> On 27/05/2019 10:26, Raja Ashok wrote:
> > *2) Configuring supported groups and temp ECDHE:* Configuring temp ECDHE
> > using /SSL_set_tmp_ECDH()/ configures the corresponding curve ID as
> > supported groups. So calling first /SSL_set1_groups()/ and then
> > calling/SSL_set_tmp_ECDH()/ resets the configured groups using
> > /SSL_set1_groups()/.
>
> SSL_set_tmp_ECDH() is the old way of doing things (we should probably
> deprecate this). You shouldn't need to call this at all. Just use
> SSL_set1_groups.
filed https://github.com/openssl/openssl/issues/9014 to track this
probably "good first issue"?
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190527/ab954377/attachment-0001.sig>
More information about the openssl-users
mailing list