This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients christian.heimes, dstufft, pitrou
Date 2014-03-22.02:34:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
From the OpenSSL changelog:

  *) Support for automatic EC temporary key parameter selection. If enabled
     the most preferred EC parameters are automatically used instead of
     hardcoded fixed parameters. Now a server just has to call:
     SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
     support ECDH and use the most appropriate parameters.
     [Steve Henson]

We could probably call this function automatically on SSL contexts, when possible.

Besides, Apache's mod_ssl has the following code:

#if defined(SSL_CTX_set_ecdh_auto)
        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);

So perhaps we can also reuse the same fallback to "prime256v1" (which would allow prioritizing ECDH in the cipher string).
Date User Action Args
2014-03-22 02:34:31pitrousetrecipients: + pitrou, christian.heimes, dstufft
2014-03-22 02:34:31pitrousetmessageid: <>
2014-03-22 02:34:31pitroulinkissue21015 messages
2014-03-22 02:34:31pitroucreate