Single ECDH Curve for forward secrecy
Alan DeKok
aland at deployingradius.com
Fri Jan 31 15:59:39 CET 2020
On Jan 31, 2020, at 9:49 AM, Jan-Frederik Rieckers <rieckers+freeradius-devel at uni-bremen.de> wrote:
> I'll probably write my bachelor thesis about some aspects. I'll
> definitely share results, if they concern the server side.
Thanks.
> I don't know if that's true. As far as I know OpenSSL itself is
> perfectly capable of supporting multiple curves.
>
> I've tested that with my private HTTPS servers and openssl s_client:
> `openssl s_client -groups "X25519" -connect <host>`
> `openssl s_client -groups "prime256v1" -connect <host>`
That's the client side... the question is what happens on the server side? i.e. what API calls are necessary?
I think that the curves supplied to OpenSSL are defaults, and it can negotiate more. See the "cipher_list" configuration, which allows you to specify multiple ciphers.
> I've also observed at least one server in the eduroam federation which
> support multiple named curves. (Based on my data from analyzing TLS
> Handshakes in EAP-TLS)
>
> I haven't had the the time to try to modify freeradius locally to ignore
> the ecdh_curve completely. Unfortunately I'm just beginning to get into
> the openssl API.
Good luck. It's enormously more complex than it needs to be. :(
Alan DeKok.
More information about the Freeradius-Devel
mailing list