On Tue, 2019-10-15 at 15:43 +0200, Stephan Seitz wrote: > Hi! > > I was looking at the output of „openssl ecparam -list_curves” and > trying > to choose a curve for the web server together with letsencrypt. > > It seems, letsencrypt supports prime256v1, secp256r1, and secp384r1. > > Then I found the site https://safecurves.cr.yp.to/. > I have problems mapping the openssl curves with the curve names from > the > web site, but I have the feeling that none of the choices above are > safe. > > Or what am I missing? They are not 'safe' in the sense the page above declares some elliptic curves to be safe. In particular these curves do not have some good properties the safe curves have. On the other hand that does not mean these curves are inherently insecure. -- Tomáš Mráz No matter how far down the wrong road you've gone, turn back. Turkish proverb [You'll know whether the road is wrong if you carefully listen to your conscience.]