wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Emilia Kasper f4d1fb7769 Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client). 
Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else.

The result:

$ openssl s_server -named_curves "auto"

This command will negotiate an ECDHE ciphersuite with P-256:

$ openssl s_client

This command will negotiate P-384:

$ openssl s_client -curves "P-384"

This command will not negotiate ECDHE because P-224 is disabled with "auto":

$ openssl s_client -curves "P-224"

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 16:04:37 +02:00
..
.cvsignore
bio_ssl.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
d1_both.c Code style: space after 'if' 2015-04-16 13:50:01 -04:00
d1_clnt.c Add more error state transitions (DTLS) 2015-05-05 20:05:21 +01:00
d1_lib.c Fix Seg fault in DTLSv1_listen 2015-03-19 11:11:22 +00:00
d1_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
d1_pkt.c Harmonize return values in dtls1_buffer_record 2015-03-10 13:52:32 -07:00
d1_srtp.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
d1_srvr.c Don't allow a CCS when expecting a CertificateVerify 2015-05-13 11:21:01 +01:00
dtls1.h Fix d2i_SSL_SESSION for DTLS1_BAD_VER 2015-02-27 20:31:28 +00:00
heartbeat_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:26 +00:00
kssl.c Re-align some comments after running the reformat script. 2015-01-22 09:31:48 +00:00
kssl.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
kssl_lcl.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
Makefile make update 2015-04-21 17:50:36 +02:00
s2_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s2_enc.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s2_lib.c Fix reachable assert in SSLv2 servers. 2015-03-19 12:58:35 +00:00
s2_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s2_pkt.c Add length sanity check in SSLv2 n_do_ssl_write() 2015-04-29 17:23:45 +01:00
s2_srvr.c Harden SSLv2-supporting servers against Bleichenbacher's attack. 2015-04-08 16:28:42 +02:00
s3_both.c Sanity check the return from final_finish_mac 2015-04-30 23:21:53 +01:00
s3_cbc.c Add sanity check in ssl3_cbc_digest_record 2015-04-30 23:21:53 +01:00
s3_clnt.c client: reject handshakes with DH parameters < 768 bits. 2015-05-20 14:54:51 +02:00
s3_enc.c Cleanse buffers 2015-03-11 10:45:23 +00:00
s3_lib.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s3_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s3_pkt.c Code style: space after 'if' 2015-04-16 13:50:01 -04:00
s3_srvr.c Don't allow a CCS when expecting a CertificateVerify 2015-05-13 11:21:01 +01:00
s23_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s23_lib.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s23_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s23_pkt.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
s23_srvr.c Re-align some comments after running the reformat script. 2015-01-22 09:31:48 +00:00
srtp.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl-lib.com VMS fixups for 1.0.2 2015-01-07 02:15:35 +01:00
ssl.h client: reject handshakes with DH parameters < 768 bits. 2015-05-20 14:54:51 +02:00
ssl2.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl3.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl23.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl_algs.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl_asn1.c Fix d2i_SSL_SESSION for DTLS1_BAD_VER 2015-02-27 20:31:28 +00:00
ssl_cert.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl_ciph.c Remove export ciphers from the DEFAULT cipher list 2015-03-07 23:02:19 +01:00
ssl_conf.c Add support for ServerInfo SSL_CONF option. 2015-03-18 12:31:06 +00:00
ssl_err.c client: reject handshakes with DH parameters < 768 bits. 2015-05-20 14:54:51 +02:00
ssl_err2.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl_lib.c Check sk_SSL_CIPHER_new_null return value 2015-05-11 11:53:50 +01:00
ssl_locl.h Sanity check the return from final_finish_mac 2015-04-30 23:21:53 +01:00
ssl_rsa.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl_sess.c Add sanity check to ssl_get_prev_session 2015-04-30 23:21:53 +01:00
ssl_stat.c Add Error state 2015-05-05 19:50:12 +01:00
ssl_task.c Re-align some comments after running the reformat script. 2015-01-22 09:31:48 +00:00
ssl_txt.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssl_utst.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
ssltest.c Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client). 2015-05-20 16:04:37 +02:00
t1_clnt.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t1_enc.c Sanity check EVP_CTRL_AEAD_TLS_AAD 2015-04-30 23:21:50 +01:00
t1_ext.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t1_lib.c Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client). 2015-05-20 16:04:37 +02:00
t1_meth.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t1_reneg.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t1_srvr.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
t1_trce.c Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
tls1.h Run util/openssl-format-source -v -c . 2015-01-22 09:31:38 +00:00
tls_srp.c Code style: space after 'if' 2015-04-16 13:50:01 -04:00