Added comment on how to make sure only the named elliptic curve "secp256r1" is allowed for ECDH(E).
Marc Mültin committed May 2, 2020
1 parent f9fce08 commit 7fb507a
Showing 2 changed files with 18 additions and 0 deletions.
Expand Up @@ -105,6 +105,15 @@ public boolean initialize(Inet6Address host, int port) {
* the standard. An implementer may decide to choose only one of them:
* - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*
* In ISO 15118-2, only the named elliptic curve "secp256r1" is allowed for ECDH(E). The jdk.tls.namedGroups property
* contains a comma-separated list within quotation marks of enabled named groups in preference order. The list of default
* named groups varies depending on what JDK release you are using. Set it on your Java command-line as follows:
*
* $ java -Djdk.tls.namedGroups="secp256r1"
*
* As it turns out, "secp256r1" is already the default first entry for Java 8 (and higher versions), but you should deactivate
* the other elliptic curves by reducing the list to this one entry only.
*/
String[] enabledCipherSuites = {
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
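Review bot: the added comment documents the secp256r1 restriction but nothing in this method enforces it; `enabledCipherSuites` pins the cipher suites, while the named group is left to whoever launches the JVM, so a deployment that forgets the `-Djdk.tls.namedGroups` flag silently falls back to the JDK's default list. If the ISO 15118-2 requirement is meant to hold regardless of the command line, set the property from code early in initialization, before any TLS socket is created, e.g. `System.setProperty("jdk.tls.namedGroups", "secp256r1");` next to the `enabledCipherSuites` setup (as far as I know the JSSE provider reads this property once at start-up, so setting it after TLS has been used has no effect). Also, the quotation marks in `-Djdk.tls.namedGroups="secp256r1"` are shell quoting, not part of the property value, so "a comma-separated list within quotation marks" reads as if the quotes were required; "a comma-separated list of named groups in preference order" says what the property expects.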
Expand Up @@ -76,6 +76,15 @@ public boolean initialize() {
* the standard. An implementer may decide to choose only one of them:
* - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
* - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
*
* In ISO 15118-2, only the named elliptic curve "secp256r1" is allowed for ECDH(E). The jdk.tls.namedGroups property
* contains a comma-separated list within quotation marks of enabled named groups in preference order. The list of default
* named groups varies depending on what JDK release you are using. Set it on your Java command-line as follows:
*
* $ java -Djdk.tls.namedGroups="secp256r1"
*
* As it turns out, "secp256r1" is already the default first entry for Java 8 (and higher versions), but you should deactivate
* the other elliptic curves by reducing the list to this one entry.
*/
String[] enabledCipherSuites = {
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
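Review bot: the last sentence of the added comment asserts that secp256r1 "is already the default first entry for Java 8 (and higher versions)", while two sentences earlier the same comment says the default list "varies depending on what JDK release you are using"; the second statement is the safe one, so drop the "(and higher versions)" claim rather than vouch for a default in releases that were not checked, and keep the instruction to reduce the list to the single entry as the only thing the reader relies on. This comment is also a verbatim copy of the one added to the other file, except that this copy ends "to this one entry." and the other "to this one entry only."; either make the two identical or move the ISO 15118-2 curve note to one shared place (a README section or the Javadoc of a shared constant) so the copies cannot drift apart.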
