31 Jan
2020
31 Jan
'20
4:39 a.m.
Hello, I'm currently doing some research with the TLS client and server implementations in EAP-TLS. I have noticed, that Freeradius forces usage of one specific curve for ECDH Key Exchange. Is there a specific reason for that? ( set_ecdh_curve in src/main/tls.c ) The standard is "prime256v1", which seems to be a good default, since this curve is always in the SupportedGroups extension of the Client TLS Hello. (For all clients I've seen so far) But I'd like to change the default to something like X25519 and fall back on others when this is not possible. Kind regards Jan-Frederik Rieckers