ssl.SSLContext.set_ecdh_curve()

SSLContext.set_ecdh_curve(curve_name)

Set the curve name for Elliptic Curve-based Diffie-Hellman (ECDH) key exchange. ECDH is significantly faster than regular DH while arguably as secure. The curve_name parameter should be a string describing a well-known elliptic curve, for example prime256v1 for a widely supported curve.

This setting doesn’t apply to client sockets. You can also use the OP_SINGLE_ECDH_USE option to further improve security.

This method is not available if HAS_ECDH is False.

New in version 3.3.

Popular Articles

ssl.SSLContext.set_ciphers() SSLContext.set_ciphers(ciphers) Set the available ciphers for sockets created with this context. It should be a string in the OpenSSL cipher list

ssl.SSLContext.set_npn_protocols() SSLContext.set_npn_protocols(protocols) Specify which protocols the socket should advertise during the SSL/TLS handshake. It should be a list of s

ssl.SSLContext.set_servername_callback() SSLContext.set_servername_callback(server_name_callback) Register a callback function that will be called after the TLS Client Hello handshake mes

ssl.SSLContext.set_alpn_protocols() SSLContext.set_alpn_protocols(protocols) Specify which protocols the socket should advertise during the SSL/TLS handshake. It should be a list of

ssl_ecdh_curve Syntax: ssl_ecdh_curve curve; Default: ssl_ecdh_curve auto; Context: mail, server This directive appeared in versions 1.1.0 and 1.0.6.