How to enable ECDH with curve size more than 192

raakesht7
Level 1

One of the tools throws the below finding, where I wonder how to choose ECDH and ECDHE with 192 and above curve.

Assistance appreciated... to choose the higher curve value on the server where I just the ciphersuite with ECDH and ECDHE but not the curve values.

I came across http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html

Transport Layer Security and Cipher Suites

......

  • Use 3072-bit DH or 256-bit or 384-bit ECDH and ECDSA with cipher suites that include:
    • TLS_DH_
    • TLS_ECDH_
    • TLS_ECDH_ECDSA or TLS_RSA_ECDSA
  • .........

test result....

Minimum EC size (no extension): 256
Minimum EC size (with extension): 160
Supported curves (size and name) ('*' = selected by server):
162 sect163k1 (K-163)
162 sect163r1
162 sect163r2 (B-163)
192 sect193r1
192 sect193r2
231 sect233k1 (K-233)
232 sect233r1 (B-233)
237 sect239k1
281 sect283k1 (K-283)
282 sect283r1 (B-283)
407 sect409k1 (K-409)
408 sect409r1 (B-409)
569 sect571k1 (K-571)
570 sect571r1 (B-571)
160 secp160k1
160 secp160r1
160 secp160r2
192 secp192k1
192 secp192r1 (P-192)
224 secp224k1
224 secp224r1 (P-224)
256 secp256k1
* 256 secp256r1 (P-256)
384 secp384r1 (P-384)
521 secp521r1 (P-521)
=========================================
WARN[SK004]: Server supports ECDH parameters smaller than 192 bits

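An added example, not part of the original post and not code from the scanning tool: a small Python triage of the curve list quoted above, showing which curves trigger the SK004 warning and which fall short of the 256-bit ECDH guidance the post cites. The function names and the two thresholds (192 from the warning text, 256 from the quoted guidance) are assumptions of this example, and the sample is a constructed subset of the quoted output.

```python
import re

# Constructed sample: a subset of the scanner output quoted in the post.
SAMPLE = """\
Supported curves (size and name) ('*' = selected by server):
162 sect163k1 (K-163)
192 sect193r1
160 secp160r1
192 secp192r1 (P-192)
224 secp224r1 (P-224)
* 256 secp256r1 (P-256)
384 secp384r1 (P-384)
=========================================
WARN[SK004]: Server supports ECDH parameters smaller than 192 bits
"""

WARN_BITS = 192  # assumption: threshold taken from the SK004 warning text
GOOD_BITS = 256  # assumption: smallest ECDH size in the guidance quoted in the post

# Optional '*' marker, size in bits, curve name, optional "(alias)".
CURVE_LINE = re.compile(r"^(\*\s+)?(\d+)\s+(\S+)(?:\s+\(([^)]+)\))?\s*$")

def parse_curves(report):
    """Return one dict per curve line; headers, rulers and warnings are skipped."""
    curves = []
    for line in report.splitlines():
        m = CURVE_LINE.match(line.strip())
        if m:
            curves.append({"selected": bool(m.group(1)), "bits": int(m.group(2)),
                           "name": m.group(3), "alias": m.group(4)})
    return curves

def triage(curves):
    """Bucket curve names: 'flagged' (< 192), 'weak' (192..255), 'ok' (>= 256)."""
    buckets = {"flagged": [], "weak": [], "ok": []}
    for c in curves:
        if c["bits"] < WARN_BITS:
            buckets["flagged"].append(c["name"])
        elif c["bits"] < GOOD_BITS:
            buckets["weak"].append(c["name"])
        else:
            buckets["ok"].append(c["name"])
    return buckets

if __name__ == "__main__":
    parsed = parse_curves(SAMPLE)
    print("selected by server:", [c["name"] for c in parsed if c["selected"]])
    print(triage(parsed))
```

The `flagged` bucket is the set of curves behind the warning; how they are disabled depends on the server's TLS stack, which the post does not name.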