How do I turn off EC point formats from showing up in TLS 1.3 client hello?


Phil Neumiller

TLS 1.3 doesn't use EC point formats right?  I don't know why they are in my
TLS 1.3 client hello.

Extension: ec_point_formats (len=4)
    Type: ec_point_formats (11)
    Length: 4
    EC point formats Length: 3
    Elliptic curves point formats (3)
        EC point format: uncompressed (0)
        EC point format: ansiX962_compressed_prime (1)
        EC point format: ansiX962_compressed_char2 (2)

There is a flag OPENSSL_NO_EC; do I need to set that somewhere in config or
make?

Is there an API call to disable these?  There is a get function
SSL_get0_ec_point_formats() but no set.

Thanks,

Phil



-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
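The extension Phil is looking at has a fixed wire layout (RFC 8422: a one-byte list length followed by one byte per point format), and its presence is tied to the versions the ClientHello offers, which live in the separate supported_versions extension (RFC 8446). The following is an added example, not code from the thread or from OpenSSL: a small parser that walks a ClientHello extensions block, decodes ec_point_formats and supported_versions, and reports whether the point-formats extension is even relevant to the versions on offer. The byte string is constructed for the example; it encodes the three point formats shown in the capture above plus a supported_versions list offering TLS 1.3 and TLS 1.2.

```python
import struct

# Extension type codes (IANA TLS ExtensionType registry)
EC_POINT_FORMATS = 11     # RFC 8422
SUPPORTED_VERSIONS = 43   # RFC 8446

POINT_FORMAT_NAMES = {
    0: "uncompressed",
    1: "ansiX962_compressed_prime",
    2: "ansiX962_compressed_char2",
}
VERSION_NAMES = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

# Constructed sample: a ClientHello extensions block holding only
#   supported_versions (43): [TLS 1.3, TLS 1.2]
#   ec_point_formats   (11): [uncompressed, ansiX962_compressed_prime,
#                             ansiX962_compressed_char2]
CLIENT_HELLO_EXTENSIONS = bytes.fromhex(
    "0011"                  # total extensions length = 17
    "002b" "0005" "04" "0304" "0303"   # supported_versions
    "000b" "0004" "03" "00" "01" "02"  # ec_point_formats, as in the capture
)


def parse_extensions(blob):
    """Split an extensions block (2-byte total length, then
    type/length/data triples) into a dict {ext_type: data}."""
    (total,) = struct.unpack("!H", blob[:2])
    if total != len(blob) - 2:
        raise ValueError("extensions length field does not match data")
    exts = {}
    off = 2
    while off < 2 + total:
        ext_type, ext_len = struct.unpack("!HH", blob[off:off + 4])
        data = blob[off + 4:off + 4 + ext_len]
        if len(data) != ext_len:
            raise ValueError("truncated extension %d" % ext_type)
        exts[ext_type] = data
        off += 4 + ext_len
    return exts


def decode_point_formats(data):
    """ec_point_formats body: 1-byte list length, then one byte per format."""
    n = data[0]
    if n != len(data) - 1:
        raise ValueError("ec_point_formats list length mismatch")
    return [POINT_FORMAT_NAMES.get(b, "unknown(%d)" % b) for b in data[1:1 + n]]


def decode_supported_versions(data):
    """ClientHello supported_versions body: 1-byte list length, then
    2-byte version codes in preference order."""
    n = data[0]
    if n != len(data) - 1 or n % 2:
        raise ValueError("supported_versions list length mismatch")
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + n, 2)]


def point_formats_relevant(versions):
    """The extension only matters if a pre-1.3 version could be negotiated;
    TLS 1.3 ignores it (RFC 8446 s. 4.2.8.2 fixes uncompressed encoding)."""
    return any(v < 0x0304 for v in versions)


def summarize(blob):
    """Return (offered version names, point format names or None, relevant?)."""
    exts = parse_extensions(blob)
    versions = decode_supported_versions(exts[SUPPORTED_VERSIONS])
    formats = (decode_point_formats(exts[EC_POINT_FORMATS])
               if EC_POINT_FORMATS in exts else None)
    names = [VERSION_NAMES.get(v, hex(v)) for v in versions]
    return names, formats, point_formats_relevant(versions)


if __name__ == "__main__":
    print(summarize(CLIENT_HELLO_EXTENSIONS))
```

Running it against the constructed block reports both versions, the three point formats from the capture, and that the extension is relevant because TLS 1.2 is still on offer; drop 0x0303 from the supported_versions list and `point_formats_relevant` returns False, which is exactly the check a client could make before deciding whether to include the extension.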

Re: How do I turn off EC point formats from showing up in TLS 1.3 client hello?

Matt Caswell-2


On 15/11/2019 22:03, Phil Neumiller wrote:
>
> TLS 1.3 doesn't use EC point formats right?  I don't know why they are in my
> TLS 1.3 client hello.

No, it's not used in TLSv1.3 but is used in TLSv1.2 or below. A
ClientHello is sent before version negotiation takes place so you don't
know what version will eventually be selected. Therefore, if EC is
enabled, this extension is always added regardless.

A possible improvement would be for OpenSSL to detect whether TLSv1.3 is
the only enabled protocol version on the client and disable it in those
circumstances. But it doesn't currently check this.

Currently the only way to disable this extension is to disable EC.
However that means (assuming you are using 1.1.1 instead of master) that
TLSv1.3 will not work since EC is required for the 1.1.1 TLSv1.3
support. In master that isn't the case so I guess it might be possible
there but I've not tried it.

Matt