One of the tools throws the below finding, where i wonder how to choose ECDH and ECDHE with 192 and above curve.
Assistance appreciated... to choose the higher curve value on the server where i just the ciphersuite with ECDH and ECDHE but not the curve values.
I came across http://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
Transport Layer Security and Cipher Suites
......
- Use 3072-bit DH or 256-bit or 384-bit ECDH and ECDSA with cipher suites that include:
- TLS_DH_
- TLS_ECDH_
- TLS_ECDH_ECDSA or TLS_RSA_ECDSA
- .........
test result....
Minimum EC size (no extension): 256
Minimum EC size (with extension): 160
Supported curves (size and name) ('*' = selected by server):
162 sect163k1 (K-163)
162 sect163r1
162 sect163r2 (B-163)
192 sect193r1
192 sect193r2
231 sect233k1 (K-233)
232 sect233r1 (B-233)
237 sect239k1
281 sect283k1 (K-283)
282 sect283r1 (B-283)
407 sect409k1 (K-409)
408 sect409r1 (B-409)
569 sect571k1 (K-571)
570 sect571r1 (B-571)
160 secp160k1
160 secp160r1
160 secp160r2
192 secp192k1
192 secp192r1 (P-192)
224 secp224k1
224 secp224r1 (P-224)
256 secp256k1
* 256 secp256r1 (P-256)
384 secp384r1 (P-384)
521 secp521r1 (P-521)
=========================================
WARN[SK004]: Server supports ECDH parameters smaller than 192 bits