On Wed, Nov 26, 2014, Giuseppe D'Angelo wrote:

> On 26/11/2014 12:03, Matt Caswell wrote:
> >Hmmmm....SS_CTX_set1_curves returns an error for me if I pass it that
> >curve that you mentioned.
> >
> >Can you share any code for exactly how you are calling it?
>
> Heh, it's a bit complex as of now (you can find it in the patch
> linked to my first email, [1]), I'll try tearing down into a pure
> C/C++ example (also to exclude a silly mistake on my side)...
>
> [1]
> https://codereview.qt-project.org/#/c/94022/24/src/network/ssl/qsslcontext_openssl.cpp
>

Note that there is a different potential problem with the code there. You're allowing the setting of a custom set of supported curves but hard coding a single curve for the ECDH temporary key. You could end up with a set of supported curves which doesn't include your temporary key: which will effectively disable any ECDH ciphersuites.

I'd suggest you set auto parameters if the version is 1.0.2+ instead with:

    SSL_CTX_set_ecdh_auto(ctx, 1);

Then the highest preference curve will be used for ECDH instead. For 1.0.1 or earlier you'd still have to use the single curve.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
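
The mismatch described in the reply above can be caught before a configuration is applied. The following is an added example, not code from this thread, from the Qt patch or from OpenSSL: `tmp_curve_in_list` and its helpers are hypothetical names, and it assumes the supported curves are given as a colon-separated name list (the string form accepted by `SSL_CTX_set1_curves_list()` in 1.0.2+) and that only the three NIST aliases in the table need normalising.

```c
#include <stdio.h>
#include <string.h>

/* NIST name and OpenSSL short name of the same curve. */
static const char *const ALIASES[][2] = {
    {"P-256", "prime256v1"}, {"P-384", "secp384r1"}, {"P-521", "secp521r1"},
};

/* Row of ALIASES that holds name s (length n), or -1 if it has no alias. */
static int alias_row(const char *s, size_t n) {
    for (size_t i = 0; i < sizeof ALIASES / sizeof ALIASES[0]; i++)
        for (int j = 0; j < 2; j++)
            if (strlen(ALIASES[i][j]) == n && memcmp(ALIASES[i][j], s, n) == 0)
                return (int)i;
    return -1;
}

/* Two names denote the same curve if they share an alias row or match exactly. */
static int same_curve(const char *a, size_t an, const char *b, size_t bn) {
    int ra = alias_row(a, an), rb = alias_row(b, bn);
    if (ra >= 0 || rb >= 0)
        return ra == rb;
    return an == bn && memcmp(a, b, an) == 0;
}

/* 1 if tmp_curve is one of the colon-separated names in list, else 0.
 * A 0 result is the mismatch described above: the temporary key's curve
 * is not among the supported curves. */
int tmp_curve_in_list(const char *list, const char *tmp_curve) {
    size_t tn = strlen(tmp_curve);
    for (const char *p = list; *p; ) {
        size_t n = strcspn(p, ":");          /* length of the current name */
        if (n > 0 && same_curve(p, n, tmp_curve, tn))
            return 1;
        p += n;
        if (*p == ':')
            p++;                             /* skip the separator */
    }
    return 0;
}

int main(void) {
    /* Constructed sample configurations, not taken from the Qt patch. */
    printf("%d\n", tmp_curve_in_list("P-384:P-521", "prime256v1"));
    printf("%d\n", tmp_curve_in_list("P-521:P-256", "prime256v1"));
    return 0;
}
```

A 0 result is the case to reject or log when a build still hard codes the single curve (1.0.1 or earlier, per the reply).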