On May 14 14:30, Bryan wrote: > OpenBSD 6.1 httpd is (according to Qualys SSL Labs) using "Supported EC > Named Curves x25519, secp256r1, secp384r1 (server preferred order)" > when `tls ecdhe "auto"` is used in the server configuration. > > Is it possible to configure httpd to use only x25519? > > Trying various ways of specifying this curve, "x25519", "X25519", > "curve25519", and "Curve25519" have been unsuccessful. This curve is > also not returned with `$ openssl ecparam -list_curves`. I believe I > read somewhere that Curve25519 is implemented differently than the > other elliptic curves and this is why it does not display with the > above command. However, somehow it is being utilized by httpd, and so I > wonder if there is a way to enforce the use of only this curve. >
Do the other short names in /usr/include/openssl/obj_mac.h work?
