
Author sruester
Recipients alex, christian.heimes, dstufft, janssen, sruester
Date 2018-02-16.17:09:13
Message-id <1518800953.13.0.467229070634.issue32858@psf.upfronthosting.co.za>
In-reply-to
Content
With OpenSSL 1.1.0g, the code

 int nid = OBJ_sn2nid("X25519");
 EC_KEY *key = EC_KEY_new_by_curve_name(nid);
 printf("id:%i  key:%p\n", nid, key);

gives

 id:1034  key:(nil)

EC_KEY_new_by_curve_name is IMHO not the best option to define client-side curves. It can only select a single curve to be offered to the server, and it does not (for whatever reason) support X25519 yet.
SSL_CTX_set1_curves_list() provides both: selection of multiple curves for the client's preference list, and support for X25519 out of the box.

Aside from this I am missing a method in SSLSocket to give me information about the key exchange (DH, ECDH, which curve was chosen, which bit size DH keys had, ...).

I prepared a pull request which addresses both. Please review and be gentle, it is my first pull request here :-)
History
Date                 User      Action  Args
2018-02-16 17:09:13  sruester  set     recipients: + sruester, janssen, christian.heimes, alex, dstufft
2018-02-16 17:09:13  sruester  set     messageid: <1518800953.13.0.467229070634.issue32858@psf.upfronthosting.co.za>
2018-02-16 17:09:13  sruester  link    issue32858 messages
2018-02-16 17:09:13  sruester  create
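
A quick way to check how a given Python build behaves here, added as an example and not part of the original message or its pull request: it passes curve names to `ssl.SSLContext.set_ecdh_curve()`, which takes one name per call, and records the outcome for each. It assumes that method is the code path the message refers to; `probe_curve`, `probe_all` and the candidate list are illustrative names.

```python
import ssl

# Constructed sample input: two common curve short names, the curve from the
# message above, and one deliberately bogus name.
CANDIDATES = ["prime256v1", "secp384r1", "X25519", "not-a-curve"]


def probe_curve(name):
    """Classify how this build's ssl module reacts to one ECDH curve name."""
    # A fresh context per probe, so one failure cannot affect the next name.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ecdh_curve(name)
    except ValueError:
        # The short name could not be resolved to a curve at all.
        return "unknown-name"
    except ssl.SSLError:
        # The name resolved, but OpenSSL reported an error when applying it.
        return "rejected"
    return "accepted"


def probe_all(names=CANDIDATES):
    """Return {curve name: outcome} for every candidate name."""
    return {name: probe_curve(name) for name in names}


if __name__ == "__main__":
    # The outcome for X25519 depends on the OpenSSL version Python links to,
    # so print that version next to the results.
    print("linked against:", ssl.OPENSSL_VERSION)
    for name, outcome in probe_all().items():
        print(f"{name:12} {outcome}")
```

A "rejected" result for X25519 alongside "accepted" for the NIST curves matches the situation the message describes.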