Which ECC curve is being used?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Which ECC curve is being used?

Salz, Rich

Can I determine which of the built-in ECC curves are being used, just by looking at the SSL structure?  Tnx.

 

                /r$

 

-- 

Principal Security Engineer

Akamai Technology

Cambridge, MA

 

 

Reply | Threaded
Open this post in threaded view
|

Re: Which ECC curve is being used?

Dr. Stephen Henson
On Tue, Dec 11, 2012, Salz, Rich wrote:

> Can I determine which of the built-in ECC curves are being used, just by looking at the SSL structure?  Tnx.
>

Can you be a bit more specific about what you mean by "being used"? By default
OpenSSL can use any built in ECC curve though it can be limited in range by
those of the peer.

Support for retrieving the curves used is very limited in released versions of
OpenSSL. This has been addressed in HEAD where ctrls exist to determine most
details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Which ECC curve is being used?

Salz, Rich
>Can you be a bit more specific about what you mean by "being used"? By default OpenSSL can use any built in ECC curve though it can be limited in range by those of the peer.

>Support for retrieving the curves used is very limited in released versions of OpenSSL. This has been addressed in HEAD where ctrls exist to determine most details.

I suppose that's the information I'm interested in.

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Which ECC curve is being used?

Dave Thompson-5
> From: [hidden email] On Behalf Of Salz, Rich
> Sent: Monday, 17 December, 2012 00:01

> >Can you be a bit more specific about what you mean by "being
> used"? By default OpenSSL can use any built in ECC curve
> though it can be limited in range by those of the peer.
>
To be more exact, for SSL/TLS protocol:
- the curve used for authenticating with an ECDSA cert, and
verifying that authentication, is the curve of the key in
the cert. As the authenticator you know your own cert already.
As the verifier you can get the cert and look at it.
- the curve used for ECDH-E or A-ECDH key exchange by server
is the key.group configured by SSL_[CTX_]set_tmp_ecdh or
the callback configured by SSL_[CTX_]set_tmp_ecdh_callback
IF this curve is acceptable to the client. If it's not
acceptable, ECDH ciphers are just skipped, and unless you
have a second cert configured for other kx type acceptable
to the client, handshaking fails with "no shared cipher".
You should be able to know what you configured.
- the curve used for ECDH-E or A-ECDH by client is the curve
selected by the server. This is the one place the API doesn't
handle, although it looks to me like you can poke around in
ssl->cert->peer_ecdh_tmp (not tested, and if it works not
guaranteed in future versions, but may be a workaround).

For anything other than SSL/TLS protocol, like CMS/SMIME or
ssh or IPsec or g-d knows what, you'll need to say more.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Which ECC curve is being used?

Salz, Rich
Thanks for the detailed response, Dave.

> As the authenticator you know your own cert already. As the verifier you can get the cert and look at it.
> ... You should be able to know what you configured.

In general, yes. But in the context of a large proxy server fronting hundreds of servers and millions of clients, it's way much easier to pull stuff out of the SSL structure than to rummage back through configuration.

        /r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Which ECC curve is being used?

Dave Thompson-5
> From: [hidden email] On Behalf Of Salz, Rich
> Sent: Monday, 17 December, 2012 12:45

> Thanks for the detailed response, Dave.
>
> > As the authenticator you know your own cert already. As the
> verifier you can get the cert and look at it.
> > ... You should be able to know what you configured.
>
> In general, yes. But in the context of a large proxy server
> fronting hundreds of servers and millions of clients, it's
> way much easier to pull stuff out of the SSL structure than
> to rummage back through configuration.

If you haven't wrapped the OpenSSL struct(s) with your own
and you want to remember something(s) about an SSL connection,
that's what SSL_{set,get}_ex_data are for.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Which ECC curve is being used?

Salz, Rich
> If you haven't wrapped the OpenSSL struct(s) with your own and you want to remember something(s) about an SSL connection, that's what SSL_{set,get}_ex_data are for.

Yes, thanks.  I might do that if there's no other option, but a EC_get_NID seems a reasonable thing to want and, if I read Stephen's post correctly, might be there on HEAD.

While I've been away for some time, and therefore our paths haven't crossed, I'm not a newbie.  I generally know what I'm doing. (BTW, the original multi-thread support, and the MIME v3 support were contributed by previous projects of mine.)

        /r$
--  
Principal Security Engineer
Akamai Technology
Cambridge, MA

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]