Support ECDHE key agreement #6
I'll have to add two handshake extensions: the Supported Elliptic Curves Extension, and the Supported Point Formats Extension [ECC]:
A part of those extensions is (1) choosing a preference list on the client side and (2) selecting the curve and the point format from the client preference list on the server side. Does anybody have ideas on how it should be done? What should be our sane defaults for both client and server sides?
There seems to be an emerging consensus that using custom curves is a bad idea, which at least leaves just the named curves to support. I think that means that our point format extension support can be very minimal. In terms of curves, 256p1 seems to be supported by just about everyone, so maybe we can start with just 256p1 as a named curve?
Sounds like a simple and reasonable first version, I'll do that.
384p1 is also popular and well supported by browsers. Anything outside of those two has limited support.
s2n supports DHE, but it would be great to also support ECDHE for faster negotiation.