Re: Questions about secure curves

[Viktor Dukhovni]

On Oct 15, 2019, at 1:02 PM, Mark Hack <markh...@markhack.com> wrote: I believe that Firefox does still support P-521 but Chrome does not. Also be aware that if you set server side cipher selection and use default curves, that OpenSSL orders the curves weakest to strongest ( even with @STRENGTH) so you will end up forcing P-256. The choice is optimized for reasonable security, performance and interoperability.  There's little reason at present to prefer the 521-bit or 384-bit NIST curves.  If any of them are weak against a secret new cryptanalytic attack, they possibly all are.  Barring secret advances at NSA (or similar), all the curves are well ou of reach of known realizable attacks (we don't have any scalable quantum computers at present), so you may as well use one with decent performance. Similarly, IIRC Chrome prefers AES128 or AES256, ... -- Viktor.