i am enabling the ECDHE support for my server but i see that openssl version 1.0.1* provide API SSL_CTX_set_tmp_ecdh to set the named curve but here the limitation is i can only support one named curve. Is it possible to support more then one elliptic named curve by the server in OPENSSL version 1.0.1*?
Asked
Active
Viewed 106 times
0
-
This is precariously close to a duplicate of the question and answer given at [How to pass EC named curve list used by SSL_CTX?](http://stackoverflow.com/a/39113664/608639) Was there anything confusing about the statement: *"Its not possible [to set the curve list] in OpenSSL 1.0.1 and below. You have to hack the source code."* The answer goes on to give you the source file you have to modify, and how you could modify it. – jww Aug 24 '16 at 10:53
-
@jww My previous question was for the client side customization where you can enumerate the elliptic curve but can not customize the list without hacking code whereas this question is related to server where it can only support one named curve instead enumerated curve list. i have gone through the code and understood it but wanted to take the confirmation from experts to make sure i have not missed anything. BTW thanks for your reply – rakesh sharma Aug 24 '16 at 12:51
-
@jww could you please help in providing the information about the usage of "ecdhe_tmp_cb" callback and what is is used for? i have searched enough but did not get any info. – rakesh sharma Aug 24 '16 at 13:51
-
@rakeshsharma Try a different question. jww will very likely read it and get some additional rep. if he answers. It's hard enough getting rep from crypto related questions as it is. – Maarten Bodewes Aug 24 '16 at 15:56
-
Thanks@MaartenBodewes. i will do as you suggest. – rakesh sharma Aug 26 '16 at 12:58