On Tue, May 19, 2020, Claus Assmann wrote:

Here's another (confusing) note: the (failing) S8 trace log:

> Sent Record
> Header:
> Version = TLS 1.2 (0x303)
> Content Type = Handshake (22)
...
> extensions, length = 12
> extension_type=supported_versions(43), length=2
> TLS 1.3 (772)
> extension_type=key_share(51), length=2
> NamedGroup: secp256r1 (P-256) (23)

If I enable SSL_CTX_set_ecdh_auto() in S8 (-DLTS_EC=2) (instead of using EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) then this changes to

NamedGroup: ecdh_x25519 (29)

and the handshake does not fail.

That's somehow weird, because a different client uses secp256r1 too and that handshake (with S8) does not fail.

Of course it would be nice if the TLS handshake provides a better error message for this case.

Since I cannot change all the S8 servers out there, it seems I have to figure out what is wrong(?) in M1 for this case.
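
The extension block in the trace above, decoded as an added example (not code from the original message or from OpenSSL): a server-sent key_share of length 2 carries only a NamedGroup, which is the layout RFC 8446 defines for a HelloRetryRequest, while a ServerHello key_share also carries key_exchange bytes. The byte array is constructed from the values shown in the trace; `parse_hello_exts` and `struct hello_exts` are names made up for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a 12-byte extension list built from the trace's values. */
static const uint8_t SAMPLE_EXTS[12] = {
    0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,   /* supported_versions(43): 0x0304 = 772 */
    0x00, 0x33, 0x00, 0x02, 0x00, 0x17    /* key_share(51): NamedGroup 23 only */
};

struct hello_exts {          /* hypothetical result type for this example */
    uint16_t version;        /* selected_version, 0 if absent */
    uint16_t group;          /* NamedGroup from key_share, 0 if absent */
    int group_only;          /* 1: group without key_exchange (HelloRetryRequest form) */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk a server-side extension list; returns 0 on success, -1 if malformed. */
int parse_hello_exts(const uint8_t *buf, size_t len, struct hello_exts *out)
{
    size_t off = 0;
    out->version = 0; out->group = 0; out->group_only = 0;
    while (off < len) {
        if (len - off < 4) return -1;            /* truncated type/length header */
        uint16_t type = rd16(buf + off), elen = rd16(buf + off + 2);
        off += 4;
        if (elen > len - off) return -1;         /* body runs past the block */
        if (type == 43) {                        /* supported_versions */
            if (elen != 2) return -1;            /* server sends exactly one version */
            out->version = rd16(buf + off);
        } else if (type == 51) {                 /* key_share */
            if (elen < 2) return -1;
            out->group = rd16(buf + off);
            out->group_only = (elen == 2);
            /* Otherwise: group(2) + length(2) + at least one key_exchange byte. */
            if (elen > 2 && (elen < 5 || rd16(buf + off + 2) != elen - 4)) return -1;
        }
        off += elen;
    }
    return 0;
}

int main(void)
{
    struct hello_exts e;
    if (parse_hello_exts(SAMPLE_EXTS, sizeof SAMPLE_EXTS, &e) != 0) return 1;
    printf("version=0x%04x group=%u group_only=%d\n", e.version, e.group, e.group_only);
    return 0;
}
```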