Re: Is X25519/X448 supported for TLSv1.2?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote:

> Using OpenSSL 1.1.1.
> Just want to confirm that if OpenSSL supports curves X25519 and X448 for
> TLSv1.2.

Yes, it does.

> Tried below commands,
> openssl s_server -trace -state -cert server.cer -key server.key -accept port
> openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect localhost:port

With same commands, using OpenSSL 1.1.1c, I get:

    CONNECTION ESTABLISHED
    Protocol version: TLSv1.2
    Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384
    Peer certificate:
    Hash used: SHA256
    Signature type: RSA-PSS
    Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
    Server Temp Key: X25519, 253 bits

Perhaps your s_client is not the one from 1.1.1 or it is dynamically
linked against 1.1.0 libraries...

-- 
	Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux