OpenSSL 1.0.1 branch : setting Diffie Hellman Elliptic curve name via SSL_set_tmp_ecdh and EC_KEY_new_by_curve_name

Hi All,

In our project, we currently support two branches of OpenSSL (1.0.1 and 1.0.2).

Recently we had a requirement to enable elliptic curve Diffie-Hellman. We see that in the
OpenSSL 1.0.2 branch we can use the function below to enable ECDH:

/* Set automatic curve selection for server ssl to onoff. If onoff is 1 then
   the highest preference curve is automatically used for ECDH temporary keys
   used during key exchange. */
(void)SSL_set_ecdh_auto(ssl, 1);


However, in OpenSSL 1.0.1 the ECDH curve name has to be set explicitly by the calling function. We researched this, and in one of the examples on the OpenSSL wiki at
https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman

we found that "NID_X9_62_prime256v1" is used.

Hence, for OpenSSL 1.0.1, we have the implementation below:

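EC_KEY *sECDH = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); // secp256r1 curve - referred as prime256v1
if (sECDH != NULL) {                     /* NULL means the curve object could not be created */
    (void)SSL_set_tmp_ecdh(ssl, sECDH);
    EC_KEY_free(sECDH);                  /* SSL_set_tmp_ecdh does not take over the caller's reference */
}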


However, we are wondering whether there is any recommendation for the choice of the named elliptic curve. Is any particular curve recommended? Any suggestions in this regard are much appreciated.

--
Regards,
Sreekanth
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
