-
Seems like Cloudflare has gradually started to enable Encrypted ClientHello support. You can see it on `rutracker.org` and `bo0om.ru` for example.
ECH was instroduced on Cloudflare several years ag…
-
Hi Thomas,
Thank you for developing this great tool, it's really helpful to check the security of a SSL server.
But I found an odd thing recently that the info returned in ServerHello might not be co…
ghost updated
8 years ago
-
Since other TLS 1.3 implementations such as Firefox offers also finit field groups, it would make sense to also provide these groups in our implementation.
Note: Finit field groups would also be na…
-
## Research
Please visit https://webauthn.io/ to see a demo of how it works. It integrates with the built-in authentication managed by the browser and operating system, and the private keys are sto…
-
-
RSA works everywhere, but at modern key sizes it is slow, and it bloats anything signed with it. Elliptic curves are the future, and a 384 bit elliptic curve SSL cert is as strong as a 7000 bit RSA on…
ned14 updated
8 years ago
-
from @fournet
CC @nikswamy
- `perror __SOURCE_FILE__ __LINE__` should not be evaluated :slightly_smiling_face:; similarly \n etc should not be evaluated.
- many added empty lines, e.g. 9 abov…
-
I'm trying to make a self signed CA cert for a private key held on a ATECC608C-TNGTLS chip via PKCS11. ATECC608* chips only support secp256r1 ECC keys.
This chip has a factory burned master key I w…
-
# Introduction
## Curves
There are two elliptic curves used in firmware:
* secp256k1 (the Bitcoin curve)
* nist256p1 (also known as secp256r1)
We also use curve25519 and ed25519 but I won't…
-
### Summary
`mbedtls_ecp_mul()` is rejecting legal input R that is used to store result of point multiplication on Curve25519/Curve448.
### System information
Mbed TLS version: at least lates…