On Fri, Jun 12, 2015 at 01:35:22AM -0700, Aaron wrote: > Thanks so much, Viktor. Hence, this is an expected behavior change. In this > case I will update my application. Does your test case result in ECDHE being used when you change only the protocol on both ends from ssl3 to tls1? If so, I think this that confirms my hunch. I've not hunted down the specific changes that might have tightened down use of ECDHE in the absense of the relevant extensions (nor even whether the change is in the server or client). So this analysis is "disturbingly plausible" (an amusing phrase borrowed from another context, too long to explain...). -- Viktor.
