Because there is no documentation for SSL_CTX_set_tmp_ecdh_callback() in OpenSSL 1.0.1 and older, I am afraid I have to ask:

1. Is the EC_KEY* returned by the callback supposed to be allocated for each invocation or is it supposed to be a static shared by all invocations? If the latter (a common object), are there any threading issues when multiple threads are running SSL connections simultaneously?

2. What does the keylength parameter to the ECDH callback represent:
   A) An RSA/DH keylength (e.g. 2048 for 128 bit security)
   B) An EC keylength (e.g. 130 for 128 bit security)
   C) A symmetric keylength (e.g. 128 for 128 bit security)

3. Are there particular cut-off points for the keylength parameter which correlate with the largest of the predefined EC groups likely to be supported by the client (e.g. according to the cipher suite collection offered)?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org