Questions about secure curves
tmraz at redhat.com
Tue Oct 15 14:50:56 UTC 2019
On Tue, 2019-10-15 at 15:43 +0200, Stephan Seitz wrote:
> I was looking at the output of „openssl ecparam -list_curves” and
> to choose a curve for the web server together with letsencrypt.
> It seems, letsencrypt supports prime256v1, secp256r1, and secp384r1.
> Then I found the site https://safecurves.cr.yp.to/.
> I have problems mapping the openssl curves with the curve names from
> web site, but I have the feeling that none of the choices above are
> Or what am I missing?
They are not 'safe' in the sense the page above declares some elliptic
curves to be safe. In particular these curves do not have some good
properties the safe curves have. On the other hand that does not mean
these curves are inherently insecure.
No matter how far down the wrong road you've gone, turn back.
[You'll know whether the road is wrong if you carefully listen to your
More information about the openssl-users