New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v2.5.3: missing bits #302
Comments
|
The fact that the specific EC does not work as other ECs does not justify the absence of the same from the listing of available ECs. Concerning the second part of the OP, namely the listing of a cipher suite group, the error shows that something is wrong again in the same part of the code. |
X25519 is a function that uses Curve25519 to perform a Diffie-Helman Key Exchange - it is not a generic Elliptic Curve and hence it does not fit into openssl(1)/libcrypto as one. If you believe otherwise, I'll review a diff that changes this behaviour. Re the second part, libtls != libssl - if you use libtls and specify "secure" ciphers you will get TLSv1.2 ciphers with AEAD and PFS (the equivalent OpenSSL specification is "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"). Can we close this now? |
The OP is about the existence of a supported curve that does not appear in the actual list of curves. Re the second part. I did not use libtls. I just used the default command to list a cipher suite group, using the group specification from the official LibreSSL release note. The OpenBSD community is rather careful when writing documentations.
Fuck yeah. |
@hdatma Curve25519 is a generic curve, but X25519 isn't. X25519 uses Curve25519 as its underlying elliptic curve to perform a DH key exchange. X25519 only uses the X-coordinate, hence its name. |
Ref. https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.3-relnotes.txt
The text was updated successfully, but these errors were encountered: