(2 replies, posted in wolfSSL (formerly CyaSSL))

Hi Jacob,

our goal is to use the Wolf JSSE implementation from a http client, when connecting to a ws endpoint. As the target server is not under our control, we are constrained to support both the insecure tls renegotiation, and custom curves to be able to successfully build up the connection. If I understand your answer correctly, unnamed curves won't be supported, when wolfSSL is being used through the provided JSSE wrapper. Is that correct? How about the renegotiation aspect (that is receiving a hello request from the server while the client is currently negotiating a session)?

Thanks in advance, Alex


(2 replies, posted in wolfSSL (formerly CyaSSL))

I have two unrelated questions regarding the WolfSSL TLS implementation (and thus the JSSE wrapper).
1) Does it allow for the legacy (insecure) renegotiation (the rfc5246 way) as a TLS client? Can this be somehow enabled (although its a bad practice)?
2) Also, does it support the usage of unnamed EC curves (that is explicit ECParameters)? This might seem a trivial question, but for example the SUN JSSE implementation does not support these keys.
Thanks for the help, cheers, Alex