On Mon, Mar 23, 2015 at 01:01:29PM +0000, Matt Caswell wrote: > > As Viktor states RFC 4492 says if the client sends no TLS extension > > containing the curves supported then the server can choose any supported > > curve. So your fix is to continue when we reach the second iteration if > > there are no curves in the second list rather than flag an error. > > Essentially yes, although with the refinement that the first iteration > checks the list of available curves for this SSL. This may or may not be > the same as the complete list of curves available in this *build* (e.g. > if SSL_set1_curves_list() has been used). I would expect that a client sending an *empty* list of supported curves means no curves are supported by the client, and the server would not enable EC. The case where the server is free to choose any curve is presumably when the client does not send a supported curves extension at all. -- Viktor.
