New feature request: x25519 Key Exchange #3157
Labels
Comments
|
FireFox 51 is released in Jan 24, 2017, upgraded the NSS library to 3.28, which supports x25519. |
|
x25519 in enabled by default in:
|
This was referenced Apr 23, 2017
|
+1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the good old DHE Key Exhange in TLS is vulnerable on many legacy systems, the web industry switched to ECDHE to get away from the old systems, also for better performance.
However, ECDHE Key Exchange is using one of the NIST P-series elliptic curves, which have unexplained parameters, random seeds and design choices, also prone to many implementation mistakes. Some speculated the whole curve is an attempt to intentionally weaken the crypto strength by the NSA.
In response, Daniel J. Bernstein's faster, clearer more securer alternative elliptic curve, Curve25519 is getting more and more support. Now, it is supported by FireFox and Chrome as an accepted ECDHE algorithm. Microsoft Edge's team also stated that they would like to support it in the future.
It is useful to document the support of x25519 key exchange.
The text was updated successfully, but these errors were encountered: