EC curve preferences

Phillip Hallam-Baker phill at
Fri Nov 20 18:53:20 UTC 2020

There are currently two sets of preferred curves.

CABForum approved use of the NIST curves from Suite B at 384 bits (and
521??) several years ago. Those are currently the only curves for which
FIPS-140 certified HSMs are currently available and thus the only ones that
can be supported by WebPKI CAs.

The IRTF CFRG RG approved replacement curves based on rigid construction
several years ago, These are intended to be the curves used in the future.
In particular, these are the curves most likely to end up being supported
in crypto co processors for CPUs.

On Fri, Nov 20, 2020 at 11:44 AM Skip Carter <skip at> wrote:

> I am sure this in the documentation somewhere; but where ?
> What are the preferred ECDH curves for a given keysize ?  Which curves
> are considered obsolete/deprecated/untrustworthy ?
> --
> Dr Everett (Skip) Carter  0xF29BF36844FB7922
> skip at
> Taygeta Scientific Inc
> 607 Charles Ave
> Seaside CA 93955
> 831-641-0645 x103
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list