mbedtls_ssl_conf_curves() is only used within mbedTLS.
 

mbedtls_ssl_conf_curves() function

Set the allowed curves in order of preference. (Default: all defined curves.)

On server: this only affects selection of the ECDHE curve; the curves used for ECDH and ECDSA are determined by the list of available certificates instead.

On client: this affects the list of curves offered for any use. The server can override our preference order.

Both sides: limits the set of curves accepted for use in ECDHE and in the peer's end-entity certificate.

Syntax

void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
Implemented in ssl_tls.c:7498

Arguments

conf

SSL configuration

curves

Ordered list of allowed curves, terminated by MBEDTLS_ECP_DP_NONE.

Notes

This has no influence on which curves are allowed inside the certificate chains; see mbedtls_ssl_conf_cert_profile() for that. For the end-entity certificate, however, the key will be accepted only if it is allowed both by this list and by the cert profile. This list should be ordered by decreasing preference (preferred curve first).
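The end-entity rule above, modelled as an added example (not mbedTLS code): a key's curve is accepted only when it appears in the NONE-terminated preference list and is also allowed by the certificate profile. The `group_id` enum, the `CURVE_BIT` profile bitmask and the sample policy are stand-ins constructed for this sketch so that it builds without the library; they are not the library's own definitions.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for mbedtls_ecp_group_id (hypothetical values, not the library's enum). */
typedef enum { DP_NONE = 0, DP_SECP256R1, DP_SECP384R1, DP_SECP521R1, DP_SECP192R1 } group_id;

/* Stand-in for a certificate profile: one bit per allowed curve (assumed layout). */
#define CURVE_BIT(id) (1u << ((id) - 1))

/* Walk a DP_NONE-terminated preference list and return the 0-based rank of gid,
 * or -1 if gid is not in the list. max bounds the walk if the terminator is missing. */
int curve_rank(const group_id *curves, size_t max, group_id gid)
{
    if (curves == NULL || gid == DP_NONE)
        return -1;
    for (size_t i = 0; i < max && curves[i] != DP_NONE; i++)
        if (curves[i] == gid)
            return (int)i;
    return -1;
}

/* End-entity key rule from the Notes: accepted only if allowed by BOTH
 * the curve list and the certificate profile. */
int ee_key_accepted(const group_id *curves, size_t max,
                    unsigned profile_bits, group_id gid)
{
    return curve_rank(curves, max, gid) >= 0 &&
           (profile_bits & CURVE_BIT(gid)) != 0;
}

/* Constructed sample policy: preferred curve first, terminator last. */
static const group_id allowed[] = { DP_SECP384R1, DP_SECP256R1, DP_NONE };
#define ALLOWED_MAX (sizeof allowed / sizeof allowed[0])
/* Constructed sample profile: allows secp256r1 and secp521r1 only. */
static const unsigned profile = CURVE_BIT(DP_SECP256R1) | CURVE_BIT(DP_SECP521R1);

int main(void)
{
    const char *names[] = { "none", "secp256r1", "secp384r1", "secp521r1", "secp192r1" };
    for (int g = DP_SECP256R1; g <= DP_SECP192R1; g++)
        printf("%-10s rank=%2d ee_key_accepted=%d\n", names[g],
               curve_rank(allowed, ALLOWED_MAX, (group_id)g),
               ee_key_accepted(allowed, ALLOWED_MAX, profile, (group_id)g));
    return 0;
}
```

With this sample policy only secp256r1 passes both checks: secp384r1 is in the list but not in the profile, and secp521r1 is in the profile but not in the list.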

References

Location | Text
ssl_tls.c:7498 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
ssl.h:2236 | void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
