Hi All,
In our project, we are currently supporting two branches of OpenSSL (1.0.1 and 1.0.2).
Recently we had a requirement to enable elliptic curve Diffie-Hellman. We see that in the
OpenSSL 1.0.2 branch, we can use the below function to enable ECDH:
/* Set automatic curve selection for server ssl to onoff. If onoff is 1 then
the highest preference curve is automatically used for ECDH temporary keys
used during key exchange. */
(void)SSL_set_ecdh_auto(ssl, 1);
However, in OpenSSL 1.0.1 the ECDH curve name has to be explicitly set by the calling function. We researched this, and in one of the examples in the OpenSSL wiki at
we have found that "NID_X9_62_prime256v1" is used.
Hence, for OpenSSL 1.0.1, we have the implementation as below:
sECDH = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); // secp256r1 curve - referred as prime256v1
(void)SSL_set_tmp_ecdh(ssl, sECDH);
However, we are wondering whether there is any recommendation for the choice of the named elliptic curve. Is any particular one recommended? Any suggestions in this regard are much appreciated.
--
Regards,
Sreekanth