Single ECDH Curve for forward secrecy
rieckers+freeradius-devel at uni-bremen.de
Mon Feb 3 17:39:33 CET 2020
On 03.02.20 17:21, Alan DeKok wrote:
>> Since the ecdh_curve parameter is set with a default value of
>> prime256v1, leaving out the configuration parameter results in the
>> choice of prime256v1.
> You can set the curve to nothing:
> ecdh_curve = ""
> See the set_ecdh_curve() function.
I'm sorry, I didn't notice this.
In my opinion, it seems a little bit odd that leaving out the option
defaults to "prime256v1", but setting it to an empty string enables all curves.
There's also no documentation for this behavior in the configuration
file. Maybe this could be added?