On Friday, 10 January 2020 23:41:20 CET, Sebastian Andrzej Siewior wrote:
Hi, gnutls-cli sends by default (in the supported groups extension) `secp256r1' first and later `x25519'. The key_share extension contains a key for both types. The server has both types configured both groups and `x25519' comes first. The handshake however ends up with `secp256r1'. Is there a way to tell openssl to prefer `x25519' over `secp256r1'?
use the server preference setting? for s_server it's the -serverpref switch -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
