Message312243
With OpenSSL 1.1.0g, the code

    int nid = OBJ_sn2nid("X25519");
    EC_KEY *key = EC_KEY_new_by_curve_name(nid);
    printf("id:%i key:%p\n", nid, key);

gives

    id:1034 key:(nil)

EC_KEY_new_by_curve_name is IMHO not the best option to define client side curves. It can only select a single curve to be offered to the server, and it does not (for whatever reason) support X25519 yet.
SSL_CTX_set1_curves_list() provides both: selection of multiple curves for the client's preference list, and support for X25519 out of the box.
Aside from this I am missing a method in SSLSocket to give me information about the key exchange (DH, ECDH, which curve was chosen, which bit size DH keys had, ...).
I prepared a pull request which addresses both. Please review and be gentle, it is my first pull request here :-)

| Date | User | Action | Args |
| 2018-02-16 17:09:13 | sruester | set | recipients: + sruester, janssen, christian.heimes, alex, dstufft |
| 2018-02-16 17:09:13 | sruester | set | messageid: <1518800953.13.0.467229070634.issue32858@psf.upfronthosting.co.za> |
| 2018-02-16 17:09:13 | sruester | link | issue32858 messages |
| 2018-02-16 17:09:13 | sruester | create | |
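
A way to check how a given Python build handles the limitation described in the message, using the `ssl` module's existing `SSLContext.set_ecdh_curve()`, which takes a single curve name. This is an added example, not code from the message or its pull request; the probe names are constructed, and whether `X25519` is accepted depends on the Python and OpenSSL versions in use.

```python
import ssl

# Constructed probe inputs: two single curve names, a colon-separated
# preference list in the style SSL_CTX_set1_curves_list() accepts,
# and a name that is not a curve at all.
CANDIDATES = ["prime256v1", "X25519", "X25519:prime256v1", "no-such-curve"]


def probe_curve(name):
    """Return 'accepted' or 'rejected (<ExceptionType>)' for one argument."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # fresh context per probe
    try:
        ctx.set_ecdh_curve(name)
    except (ValueError, ssl.SSLError) as exc:
        # ValueError: the string is not a name OpenSSL recognises.
        # ssl.SSLError: OpenSSL recognises the name but could not apply it.
        return "rejected ({})".format(type(exc).__name__)
    return "accepted"


def probe_all(names=CANDIDATES):
    """Probe every candidate and return {argument: outcome}."""
    return {name: probe_curve(name) for name in names}


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for name, outcome in probe_all().items():
        print("{:<20} {}".format(name, outcome))
```

A rejected colon-separated list shows that this call cannot express a client preference list, which is the gap the message proposes to close with SSL_CTX_set1_curves_list().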