Currently, the good old DHE Key Exhange in TLS is vulnerable on many legacy systems, the web industry switched to ECDHE to get away from the old systems, also for better performance.
However, ECDHE Key Exchange is using one of the NIST P-series elliptic curves, which have unexplained parameters, random seeds and design choices, also prone to many implementation mistakes. Some speculated the whole curve is an attempt to intentionally weaken the crypto strength by the NSA.
In response, Daniel J. Bernstein's faster, clearer more securer alternative elliptic curve, Curve25519 is getting more and more support. Now, it is supported by FireFox and Chrome as an accepted ECDHE algorithm. Microsoft Edge's team also stated that they would like to support it in the future.
It is useful to document the support of x25519 key exchange.
The text was updated successfully, but these errors were encountered: