Limiting key exchange elliptic curves

When utilizing an ephemeral Elliptic Curve Diffie-Hellman cipher (TLS_ECDHE_xxx), each side of the connection being negotiated generates an elliptic curve key pair and exchanges the public key as part of the TLS V1.0, TLS V1.1, or TLS V1.2 handshake process. The elliptic curve is selected by the server using a list of supported elliptic curves provided by the client.

System SSL provides the capability to define the list of supported elliptic curves through either an environment variable or through an invocation to the gsk_attribute_set_buffer() routine.

When acting as a client, the list of supported elliptic curves is defined using GSK_CLIENT_ECURVE_LIST. This list represents the elliptic curves supported by the client for the key exchange, in the client's preferred order. It also represents the certificate elliptic curves the client supports when the server uses an elliptic curve public key certificate.

When acting as a server, the list of allowed elliptic curves is defined using GSK_SERVER_ALLOWED_KEX_ECURVES. This list represents the allowed key exchange elliptic curves; the order of entries has no meaning.

When FIPS mode is enabled, the elliptic curves x25519 and x448 are not supported and, if specified, are ignored. The specified list may also need to be tailored to meet the requirements of the FIPS level being utilized. For information about FIPS mode level support, see System SSL and FIPS 140-2.

For information about default settings and supported elliptic curves, see Table 5.

Example of how the elliptic curve is selected by the server using a list of supported elliptic curves provided by the client

The client supports secp256r1 (0023) and secp384r1 (0024), but prefers secp256r1 to be utilized (For the client, the list of supported elliptic curves is defined using GSK_CLIENT_ECURVE_LIST):
GSK_CLIENT_ECURVE_LIST=00230024
The server supports secp384r1 (0024), x25519 (0029), and secp256r1 (0023) (For the server, the list of allowed curves is defined using GSK_SERVER_ALLOWED_KEX_ECURVES):
GSK_SERVER_ALLOWED_KEX_ECURVES=002400290023
In the example above, the key exchange uses secp256r1 (0023): the server walks the client's list in the client's preferred order and selects the first curve that also appears in the server's allowed list. The position of a curve in the server's list does not matter.
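The selection rule above, modelled as an added Python example (this is not System SSL code): both settings are parsed as strings of four-digit curve codes, and the server takes the first client-preferred code that it also allows. Where FIPS filtering is applied, and the 0030 code for x448 (its IANA named-group value), are assumptions not stated on this page.

```python
# Added example (not System SSL code): models how the server picks the
# key exchange curve from GSK_CLIENT_ECURVE_LIST (client preference order)
# and GSK_SERVER_ALLOWED_KEX_ECURVES (unordered allow list).
from typing import List, Optional

# Curve codes quoted on the page; 0030 for x448 is the IANA named-group
# value and is an assumption here.
SECP256R1, SECP384R1, X25519, X448 = "0023", "0024", "0029", "0030"
FIPS_UNSUPPORTED = {X25519, X448}  # ignored when FIPS mode is enabled


def parse_ecurve_list(value: str) -> List[str]:
    """Split a concatenated curve-code string into 4-digit codes."""
    if len(value) % 4 != 0:
        raise ValueError("curve list length must be a multiple of 4")
    codes = [value[i:i + 4] for i in range(0, len(value), 4)]
    for code in codes:
        if not all(c in "0123456789ABCDEFabcdef" for c in code):
            raise ValueError(f"invalid curve code {code!r}")
    return codes


def select_kex_curve(client_list: str, server_allowed: str,
                     fips: bool = False) -> Optional[str]:
    """Return the first curve in the client's preferred order that the
    server allows, or None when no curve is common (the handshake would
    fail). Dropping the FIPS-unsupported curves from both lists before
    matching is an assumption; the page only says they are ignored."""
    client = parse_ecurve_list(client_list)
    allowed = set(parse_ecurve_list(server_allowed))
    if fips:
        client = [c for c in client if c not in FIPS_UNSUPPORTED]
        allowed -= FIPS_UNSUPPORTED
    for code in client:
        if code in allowed:
            return code
    return None


if __name__ == "__main__":
    # The page's example: client prefers secp256r1, server lists it last.
    print(select_kex_curve("00230024", "002400290023"))  # prints 0023
```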