Skip to content

Adding EnableECDH to Context #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jtolio merged 2 commits into from
May 21, 2014
Merged

Adding EnableECDH to Context #2

jtolio merged 2 commits into from
May 21, 2014

Conversation

@zowens
Copy link
Contributor

@zowens zowens commented May 15, 2014

To enable the use of ECDH, the SSL context has to have an ECDH key.

In openssl 1.0.2 (not yet released), SSL_CTX_set_ecdh_auto can be used. As a fallback, SSL_CTX_set_tmp_ecdh can be used with a named curve.

@jtolio
Copy link
Member

jtolio commented May 16, 2014

So, I think we've decided we're happy with this pull request except for the hardcoded default curve. I think I'd rather just expose SSL_CTX_set_tmp_ecdh and SSL_CTX_set_ecdh_auto separately, and if SSL_CTX_set_ecdh_auto isn't actually defined, the Go method that wraps it just returns an error or something.

Would you be okay with that?

@zowens
Copy link
Contributor Author

zowens commented May 20, 2014

I think I read somewhere that this is what nginx does. If we want to expose the curves, we may just want to have 1 func for now that sets the curve using SSL_CTX_set_tmp_ecdh without messing with SSL_CTX_set_ecdh_auto. Does that seem reasonable?

EDIT: I meant to suggest that we defer adding a function that wraps SSL_CTX_set_ecdh_auto until openssl has a release with that functionality in it and simply wrap SSL_CTX_set_tmp_ecdh.

@jtolio
Copy link
Member

jtolio commented May 20, 2014

yep, that sounds good to me

@zowens
Copy link
Contributor Author

zowens commented May 20, 2014

Do you want all the curves in as constants? There's 64 in 1.0.1g... maybe just some common curves as constants?

@jtolio
Copy link
Member

jtolio commented May 20, 2014

heh, up to you. I'm cool with starting with some common ones and them getting added as needed

@zowens
Copy link
Contributor Author

zowens commented May 21, 2014

I decided to just add P-256 and P-384, which are the only curves supported by Firefox. It turns out, openssl implements all 15 recommended curves from FIPS 186-4.

@jtolio
Copy link
Member

jtolio commented May 21, 2014

awesome, thanks

jtolio added a commit that referenced this pull request May 21, 2014
@jtolio
Merge pull request #2 from zowens/add_ecdh
2bf5553 
Adding EnableECDH to Context
@jtolio jtolio merged commit 2bf5553 into spacemonkeygo:master May 21, 2014
nathan454 pushed a commit to nathan454/openssl that referenced this pull request Nov 30, 2022
@Stebalien
Merge pull request spacemonkeygo#2 from libp2p/fix/freebsd
adf4e19 
feat: add freebsd support
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zowens @jtolio