author | Emilia Kasper <emilia@openssl.org> | 2015-05-20 15:47:51 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-05-20 15:47:51 +0200 |
commit | de57d2372985d2640ae82f7954bf9dc07caf2f09 (patch) | |
tree | 62ce809bf90d041fe75baaae1361ef37a7b6dd8d /test/ssltest.c | |
parent | 1554d55318a7bb3347f4ccfadf78cca56e51ee79 (diff) |
Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).
Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else.
The result:
$ openssl s_server -named_curves "auto"
This command will negotiate an ECDHE ciphersuite with P-256:
$ openssl s_client
This command will negotiate P-384:
$ openssl s_client -curves "P-384"
This command will not negotiate ECDHE because P-224 is disabled with "auto":
$ openssl s_client -curves "P-224"
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/ssltest.c')
-rw-r--r-- | test/ssltest.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/test/ssltest.c b/test/ssltest.c index 95ba1a0bf7..136bf9a3c9 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1494,12 +1494,9 @@ int main(int argc, char *argv[]) BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); goto end; } - } else -# ifdef OPENSSL_NO_EC2M + } else { nid = NID_X9_62_prime256v1; -# else - nid = NID_sect163r2; -# endif + } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { |
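Review bot: the new else branch hard-codes nid = NID_X9_62_prime256v1 with no comment saying why the NID_sect163r2 default was dropped. A one-line comment tying it to the commit's ">= 256-bit curves only" policy would help the next reader, since sect163r2 is a 163-bit binary curve and falls under that threshold. Also, with the OPENSSL_NO_EC2M conditional removed, a default run of ssltest no longer exercises any binary curve, so binary-curve coverage now depends on a caller passing named_curve explicitly. Please confirm that some test invocation still does that in builds where EC2M is enabled.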