EAP-TLS and elliptic curves (OPEN)

Weisteen Per per.weisteen at telenor.no
Tue Apr 13 10:39:18 CEST 2021


I've got some supplicants that only supports secp256r1/prime256v1 as elliptic curve while others support additional curves like x25519, secp384r1 etc.
Currently I've set ecdh_curve To prime256v1 which then applies to all supplicants.

If I set ecdh_curve parameter empty will the server key exchange adjust curve info dynamically according to what the supplicant has announced in TLS client hello using the "best" curve available ?


Sensitivity: Internal

More information about the Freeradius-Users mailing list