You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to use a certificate which has a brainpoolP256r1 curve, same as discussed in issue 21346. That is recommened by e.g. BSI TR-03116 Part 3 Chapter 4.1.
Currently, OpenSSL (tested with 3.0.8, 3.0.11 & 3.2.2) does not allow to establish a connection using TLS1.2 with a certificate using a brainpool curve without forcing the client to announce that it supports brainpool.
As stated in the other issue it works fine with TLS1.3 and OpenSSL >=3.2. However, TLS1.2 (any of the tested OpenSSL versions) only works if the client is explicitly told to use/announce brainpoolP256r1 with
Forcing only TLS1.2 the client sends these supported groups (in this example output is genereated by OpenSSL 3.0.11) $ openssl s_client -connect [hostname] -tls1_2 -trace
In my understanding using secp256r1 should be compliant in that situation according to RFC8446 , but OpenSSL 3.2.2 and 3.0.11 refuse the TLS1.2 handshake with "no shared cipher" error.
Unfortunately, there seems to be no way to configure the server/OpenSSL like that. Should the behaviour be adapted to maximize compatibility?
The text was updated successfully, but these errors were encountered:
Hi,
I would like to use a certificate which has a brainpoolP256r1 curve, same as discussed in issue 21346. That is recommened by e.g. BSI TR-03116 Part 3 Chapter 4.1.
Currently, OpenSSL (tested with 3.0.8, 3.0.11 & 3.2.2) does not allow to establish a connection using TLS1.2 with a certificate using a brainpool curve without forcing the client to announce that it supports brainpool.
As stated in the other issue it works fine with TLS1.3 and OpenSSL >=3.2. However, TLS1.2 (any of the tested OpenSSL versions) only works if the client is explicitly told to use/announce brainpoolP256r1 with
$ openssl s_client -connect [hostname] -tls1_2 -curves brainpoolP256r1 -trace
This adds "brainpoolP256r1" to the client handshake
Forcing only TLS1.2 the client sends these supported groups (in this example output is genereated by OpenSSL 3.0.11)
$ openssl s_client -connect [hostname] -tls1_2 -trace
In my understanding using secp256r1 should be compliant in that situation according to RFC8446 , but OpenSSL 3.2.2 and 3.0.11 refuse the TLS1.2 handshake with "no shared cipher" error.
Unfortunately, there seems to be no way to configure the server/OpenSSL like that. Should the behaviour be adapted to maximize compatibility?
The text was updated successfully, but these errors were encountered: