It would be nice, but I thought that I would add that the criticism of
secp256r1 in the eyes of some major cryptographers has moved from far-fetched
but being unable to disprove the criticism to making no practical sense of
being true.

On 17 May 2017 19:05, "Bryan" <[email protected]> wrote:

> > > OpenBSD 6.1 httpd is (according to Qualys SSL Labs) using "Supported EC
> > > Named Curves x25519, secp256r1, secp384r1 (server preferred order)"
> > > when `tls ecdhe "auto"` is used in the server configuration.
> > >
> > > Is it possible to configure httpd to use only x25519?
>
> > Not currently.
>
> > > Trying various ways of specifying this curve, "x25519", "X25519",
> > > "curve25519", and "Curve25519" have been unsuccessful. This curve is
> > > also not returned with `$ openssl ecparam -list_curves`. I believe I
> > > read somewhere that Curve25519 is implemented differently than the
> > > other elliptic curves and this is why it does not display with the
> > > above command. However, somehow it is being utilized by httpd, and so I
> > > wonder if there is a way to enforce the use of only this curve.
>
> > It is on the TODO list - there is a change needed to libtls, which will
> > then allow httpd to specify which EC curves are to be enabled for TLS key
> > exchange (including X25519).
>
> Thanks for the information. The "auto" setting is using a nice
> selection of curves and prioritizing X25519, but it will be nice to
> have the ability to specify only X25519 (or another).
>
>
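As an added illustration (not part of this thread, and not OpenBSD or httpd code): a shell check that offers one curve at a time to a server and reports which ephemeral key it negotiates, which is the information the Qualys report above summarises. It assumes an OpenSSL `s_client` that accepts `-curves` (LibreSSL's option set may differ); the probe command is overridable so the parsing can be exercised offline, and the host:port is a placeholder.

```shell
#!/bin/sh
# Offer a single curve per handshake and report what the server negotiates.
# Assumption: an OpenSSL s_client that understands -curves (not verified for
# LibreSSL). PROBE_CMD may be overridden with a stub for offline use.

# Run one handshake against $1 (host:port) offering only curve $2.
default_probe() {
    openssl s_client -connect "$1" -curves "$2" </dev/null 2>/dev/null
}

probe_curve() {
    host="$1"; curve="$2"
    ${PROBE_CMD:-default_probe} "$host" "$curve" 2>/dev/null
}

# Read s_client output on stdin and print the negotiated curve name, or
# "none" when no "Server Temp Key" line appeared (curve rejected / no handshake).
# Handles both "Server Temp Key: X25519, 253 bits" and the older
# "Server Temp Key: ECDH, P-256, 256 bits" layouts.
negotiated_curve() {
    awk -F': ' '/Server Temp Key/ {
                    n = split($2, f, ", ")
                    name = (f[1] == "ECDH" && n > 1) ? f[2] : f[1]
                    print name; found = 1
                }
                END { if (!found) print "none" }'
}

# For each candidate curve, print "<offered> <negotiated>" on its own line.
curve_report() {
    host="$1"; shift
    for c in "$@"; do
        got=$(probe_curve "$host" "$c" | negotiated_curve)
        printf '%s %s\n' "$c" "$got"
    done
}

# Usage: ./curves.sh example.invalid:443 X25519 prime256v1 secp384r1
if [ "$#" -ge 2 ]; then
    curve_report "$@"
fi
```

A curve that reports `none` while others succeed was refused by the server; `none` for every curve usually means the host was unreachable rather than a policy result.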
