Applicability
- Traditional finite-field-based Diffie-Hellman (DH) key exchange during the Transport Layer Security (TLS) handshake suffers from a number of security, interoperability, and efficiency shortcomings. These shortcomings arise from lack of clarity about which DH group parameters TLS servers should offer and clients should accept. This document offers a solution to these shortcomings for compatible peers by using a section of the TLS Supported Groups Registry (renamed from EC Named Curve Registry by this document) to establish common finite field DH parameters with known structure and a mechanism for peers to negotiate support for these groups.
Responsible Party
Status
UUID
- b54c2a00-485a-4629-a837-7d22458cf513
Relationships