From de57d2372985d2640ae82f7954bf9dc07caf2f09 Mon Sep 17 00:00:00 2001
From: Emilia Kasper
Date: Wed, 20 May 2015 15:47:51 +0200
Subject: Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).

Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else.

The result:

$ openssl s_server -named_curves "auto"

This command will negotiate an ECDHE ciphersuite with P-256:

$ openssl s_client

This command will negotiate P-384:

$ openssl s_client -curves "P-384"

This command will not negotiate ECDHE because P-224 is disabled with "auto":

$ openssl s_client -curves "P-224"

Reviewed-by: Kurt Roeckx
Reviewed-by: Rich Salz
---
 CHANGES | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 8600b8166c..397ff2c6e1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -396,7 +396,14 @@ whose return value is often ignored. [Steve Henson] - Changes between 1.0.2 and 1.0.2a [xx XXX xxxx] + Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + + *) Only support 256-bit or stronger elliptic curves with the + 'ecdh_auto' setting (server) or by default (client). Of supported + curves, prefer P-256 (both). + [Emilia Kasper] + + Changes between 1.0.2 and 1.0.2a [19 Mar 2015] *) ClientHello sigalgs DoS fix
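Review bot: the new CHANGES entry in this hunk records the 256-bit cut-off and the P-256 preference but leaves out the other ordering change the commit message states, that prime-field curves are now preferred over binary curves; suggest extending the entry, e.g. `curves, prefer P-256, then other prime curves, then binary curves (both).` The entry would also serve readers of CHANGES better if it named the compatibility consequence the commit message demonstrates: a peer that only offers curves below 256 bits (P-224 in the example) no longer negotiates ECDHE against a server using 'ecdh_auto'. Separately, the hunk also fills in the 1.0.2a release date ([xx XXX xxxx] to [19 Mar 2015]), which is unrelated housekeeping; fine to keep, but it deserves a line in the commit message so the change is traceable.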
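The three negotiation outcomes listed in the commit message follow from the stated policy, and a small model of that policy makes the reasoning checkable. The following is an added example, not OpenSSL's code: the curve table is a constructed sample of curves, the tie-break within a class (larger curves first) is an assumption of the model, and `negotiate` walks the client's list unless `server_preference` is set, which is the modelled assumption for how a shared curve is picked. Only the rules from the page (drop curves below 256 bits under 'auto'/default, P-256 first, prime before binary) are taken from the commit.

```python
"""Model of the ECDHE curve-selection policy described in the commit.

Constructed example: the curve table and the ordering inside each class
are assumptions; the >= 256-bit cut-off, P-256 first, and prime-before-
binary ordering are the rules the commit message states.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Curve:
    name: str      # curve name as accepted by s_client -curves
    bits: int      # field size in bits
    binary: bool   # True for GF(2^m) curves, False for prime-field curves


# Constructed sample table (not OpenSSL's full curve list).
CURVES = {
    "P-224": Curve("P-224", 224, False),
    "P-256": Curve("P-256", 256, False),
    "P-384": Curve("P-384", 384, False),
    "P-521": Curve("P-521", 521, False),
    "secp256k1": Curve("secp256k1", 256, False),
    "B-233": Curve("B-233", 233, True),
    "B-283": Curve("B-283", 283, True),
    "B-571": Curve("B-571", 571, True),
}

MIN_BITS = 256  # cut-off the commit introduces for 'auto' (server) / default (client)


def auto_preference(curves=CURVES) -> List[str]:
    """Curve list used by a server with 'ecdh_auto' or a client by default:
    drop anything below 256 bits, put P-256 first, then the remaining
    prime-field curves, then binary curves.  Ordering within a class by
    descending size is an assumption of this model."""
    eligible = [c for c in curves.values() if c.bits >= MIN_BITS]

    def key(c: Curve):
        return (c.name != "P-256", c.binary, -c.bits, c.name)

    return [c.name for c in sorted(eligible, key=key)]


def default_client_offer() -> List[str]:
    """Per the commit, the client default is the same >= 256-bit list."""
    return auto_preference()


def negotiate(client_offer: List[str],
              server_list: Optional[List[str]] = None,
              server_preference: bool = False) -> Optional[str]:
    """Return the curve both sides agree on, or None when no ECDHE curve is
    shared (the handshake then falls back to a non-ECDHE ciphersuite or fails).
    Assumption of the model: the client's order is walked unless the server
    is configured to prefer its own order."""
    if server_list is None:
        server_list = auto_preference()
    if server_preference:
        pref, supp = server_list, client_offer
    else:
        pref, supp = client_offer, server_list
    supported = set(supp)
    for name in pref:
        if name in supported:
            return name
    return None


if __name__ == "__main__":
    print("server 'auto' list:", auto_preference())
    print("default client      ->", negotiate(default_client_offer()))  # P-256
    print("-curves P-384       ->", negotiate(["P-384"]))               # P-384
    print("-curves P-224       ->", negotiate(["P-224"]))               # None: no ECDHE
```

Running the module reproduces the commit message's three cases: the default client lands on P-256, a client restricted to P-384 gets P-384, and a client offering only P-224 finds no shared curve because the server's 'auto' list no longer contains it.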