ARMmbed

List of prefered elliptic curve

Currently mbedTLS has a default list of supported curves (ecp_supported_curves in ecp.c) which is ordered with largest curves first and for the same size fastest curves first. Let’s say my application wants to prioritize certain elliptic curves over others (i.e. brainpool256r1 over secp521r1). Is ecp.c the only place where this can be set?

Hi Subhan,
The list you are referring is only a list of supported curves, without any prioritization. Which curve to use is the application’s decision.
In addition to the list, you will need to enable \ disable The specific curve in the configuration file in the definitons of MBEDTLS_ECP_DP_XXX_ENABLED
You can prioritize the ciphersuite however, with the definition of MBEDTLS_SSL_CIPHERSUITES

Regards,
Mbed TLS Team member
Ron

I thought that the client only suggested the curve by sending the list of supported curves ordered by preference in its “ClientHello” message. However it is ultimately up to the server which elliptic curve he chooses. Let’s say the client supports secp521, secp256r1 and brainpoolp256r1. My server supports all these as well, but it wants brainpoolp256r1 to be prioritized in this case. Is there any way to do this within mbedtls?

My previous answer was mostly for ciphersuite, I apologize for confusion.

As you can see, the server chooses iterates over it’s certificates to send, and chooses the first certificate that has a commonly supported curve. You can simply set the certificate signed with brainpoolp256r1 curve first in your certificate list.
(mbedtls_ssl_conf_own_cert appends the list of certificate, so you can choose your prefered certificate first)

For key_exchange, the server compares its preferred list to the commonly supported lists. You can set this list by calling mbedtls_ssl_conf_curves in your order of preference.
I hope this answers your question.
Regards,
Mbed TLS Team member
Ron

Thanks!