trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: Forward Secrecy ?
Date Mon, 25 Nov 2013 19:20:57 GMT
On Nov 25, 2013, at 1:02 AM, Jan-Frode Myklebust <janfrode@tanso.net> wrote:

> On Mon, Nov 25, 2013 at 08:22:35AM +0000, Igor Galić wrote:
>> 
>>> and for stud:
>>> 
>>> 	https://github.com/bumptech/stud/pull/61/files
>> 
>> Wow. That's bad. That looks specifically for the *bad* NSA curve constants
>> before initializing the ec code. That's not something I'd rely on, since
>> not even NIST is any more.
> 
> Are there any other relevant curve constants that's usable? Looks to me
> like everyone is using NIST P-384 or NIST P-256, and these are the only
> once available as named curves in my openssl library.

P-256 is also recommended here, https://www.imperialviolet.org/2011/11/22/forwardsecret.html

J
Mime
View raw message