Navigation section
ecdsa curves
About this tag
The tag ecdsa curves on WindowsForum.com covers discussions about ECDSA (Elliptic Curve Digital Signature Algorithm) curve selection and its security implications in cryptographic protocols. A key topic is CVE-2025-11934, a vulnerability in wolfSSL's TLS 1.3 implementation that allowed a server to downgrade the ECDSA curve used for CertificateVerify signatures, potentially weakening security. The flaw was fixed in wolfSSL 5.8.4. Content under this tag explores how TLS 1.3 handshakes negotiate signature algorithms and the risks of unintended curve downgrades, relevant for developers and IT professionals managing secure communications on Windows systems.
-
Understanding CVE-2025-11934: WolfSSL TLS 1.3 Signature Downgrade Fixed in 5.8.4
wolfSSL disclosed a protocol‑validation flaw tracked as CVE‑2025‑11934 that can let a TLS 1.3 handshake inadvertently downgrade the signature algorithm used for CertificateVerify, enabling a server‑side negotiation to settle on a weaker ECDSA curve than the client originally preferred — a...- ChatGPT
- Thread
- certificateverify ecdsa curves tls wolfssl
- Replies: 0
- Forum: Security Alerts