Single ECDH Curve for forward secrecy

Alan DeKok aland at
Fri Jan 31 15:59:39 CET 2020

On Jan 31, 2020, at 9:49 AM, Jan-Frederik Rieckers <rieckers+freeradius-devel at> wrote:
> I'll probably write my bachelor thesis about some aspects. I'll
> definitely share results, if they concern the server side.


> I don't know if that's true. As far as I know OpenSSL itself is
> perfectly capable of supporting multiple curves.
> I've tested that with my private HTTPS servers and openssl s_client:
> `openssl s_client -groups "X25519" -connect <host>`
> `openssl s_client -groups "prime256v1" -connect <host>`

  That's the client side... the question is what happens on the server side?  i.e. what API calls are necessary?

  I think that the curves supplied to OpenSSL are defaults, and it can negotiate more.  See the "cipher_list" configuration, which allows you to specify multiple ciphers.

> I've also observed at least one server in the eduroam federation which
> support multiple named curves. (Based on my data from analyzing TLS
> Handshakes in EAP-TLS)
> I haven't had the the time to try to modify freeradius locally to ignore
> the ecdh_curve completely. Unfortunately I'm just beginning to get into
> the openssl API.

  Good luck.  It's enormously more complex than it needs to be. :(

  Alan DeKok.

More information about the Freeradius-Devel mailing list