On 2020-01-13 11:23:35 [+0000], Matt Caswell wrote:
> The current behaviour is that the first key share we see that also
> exists in our supported groups list is the one that we use. There isn't
> a way at the moment to configure things in order to specify a preference
> order.
>
> https://github.com/openssl/openssl/blob/bbe486cf6154df3d3aaedbae6c5b82d4ed31a5f8/ssl/statem/extensions_srvr.c#L662-L720

Okay so there isn't a knob yet. Thank you for confirming.

> It wouldn't be too difficult to amend the above logic to select the key
> share that is highest in the server's supported group list. But that
> would be a new feature and wouldn't be backported to 1.1.1.
>
> PRs to make that change welcome.

Thanks, done.

> Matt

Sebastian