Message312238
Please elaborate, how did you test that the curve is not supported? Python calls SSL_CTX_set_ecdh_auto(self->ctx, 1) to auto configure curves.
>>> import ssl
>>> ssl = ssl.SSLContext()
>>> ssl.set_ecdh_curve('X25519')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ssl.SSLError: unknown group (_ssl.c:3954)
The error message means that EC_KEY_new_by_curve_name() does not support X25519's group.
Some notes:
* OpenSSL 1.0.2+ supports SSL_CTX_set1_curves_list() besides SSL_CTX_set_tmp_ecdh()
* OpenSSL has no API to get configured curves from a context.
* I'm not sure how useful SSL_get1_curves() and SSL_get_shared_curve() would be for a general audience. To reduce our maintenance burden, we only wrap functions that are useful or required.
Date | User | Action | Args
2018-02-16 16:34:46 | christian.heimes | set | recipients: + christian.heimes, janssen, alex, dstufft, sruester
2018-02-16 16:34:46 | christian.heimes | set | messageid: <1518798886.65.0.467229070634.issue32858@psf.upfronthosting.co.za>
2018-02-16 16:34:46 | christian.heimes | link | issue32858 messages
2018-02-16 16:34:46 | christian.heimes | create |
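As an added example (not part of the original message and not CPython's own code), the following probes which curve names `SSLContext.set_ecdh_curve()` accepts on the local Python/OpenSSL build, separating names that map to no OpenSSL object (`ValueError`) from known names the build rejects (`ssl.SSLError`, as with X25519 in the session above). The preference list and the helper names `probe_curve`, `first_accepted` and `configure` are assumptions made for illustration.

```python
import ssl

# Constructed preference list (an assumption); the last entry is deliberately bogus.
PREFERRED = ("X25519", "prime256v1", "secp384r1", "not-a-curve")


def probe_curve(name):
    """Return (accepted, reason) for SSLContext.set_ecdh_curve(name)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # fresh context per probe
    try:
        ctx.set_ecdh_curve(name)
    except ValueError as exc:
        # The name does not map to any OpenSSL object identifier.
        return False, f"ValueError: {exc}"
    except ssl.SSLError as exc:
        # The name is known, but this build's code path rejects the group,
        # e.g. "unknown group" for X25519 in the session quoted above.
        return False, f"SSLError: {exc}"
    return True, "accepted"


def first_accepted(names=PREFERRED):
    """Return the first name in preference order that the build accepts."""
    for name in names:
        if probe_curve(name)[0]:
            return name
    return None


def configure(ctx, names=PREFERRED):
    """Pin ctx to the first accepted curve; fail closed if none is usable."""
    chosen = first_accepted(names)
    if chosen is None:
        raise RuntimeError("no requested ECDH curve is accepted by this build")
    ctx.set_ecdh_curve(chosen)
    return chosen


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for curve in PREFERRED:
        print(f"{curve:12} {probe_curve(curve)}")
    print("configured:", configure(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)))
```

Whether X25519 is accepted depends on the Python and OpenSSL versions in use, so the probe result for it should be read from the local output rather than assumed.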