Re: Is X25519/X448 supported for TLSv1.2?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote:

> I got the point: the server certificate is ECDSA with curve secp256r1.
> It works with RSA certificate and curves
> sepc256r1/sepc384r1/sepc521r1/x25519/x448.

See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924

When using ECDSA with TLSv1.2, the group list MUST include the group
used in the certificate.  Otherwise, you get no shared cipher as
you reported.  You can *prefer* X25519, but you cannot only offer
X25519.

-- 
	Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux