Does a TLS client need to support all named groups supported by the server?

For the elliptic curve (EC) protocol, all that is needed is for the client and the server to support at least one common curve. However, if the client and the server do not support at least one common curve, they can try to agree on other protocols (such as DH).

But, in your case, it looks like the WAF supports a fairly large number of curves. Even though x25519 is not one of them, there are plenty of others supported by the WAF, many of which are older than x25519, so I don’t suspect you’ll have too many clients that are unable to connect just because you no longer support x25519.
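
The group negotiation described in the answer above, as an added example that is not part of the original post: it parses the body of a ClientHello `supported_groups` extension and picks the first group both sides share. The WAF group list and the client extension bodies are constructed sample values, and selecting by server preference order is an assumption about the server's behaviour.

```python
import struct

# IANA TLS "Supported Groups" codepoints (RFC 8422, RFC 7919)
GROUP_NAMES = {
    23: "secp256r1", 24: "secp384r1", 25: "secp521r1",
    29: "x25519", 30: "x448", 256: "ffdhe2048", 257: "ffdhe3072",
}

def parse_supported_groups(ext_data: bytes) -> list:
    """Parse the body of a ClientHello supported_groups extension (type 10):
    a 2-byte list length followed by 2-byte group codepoints."""
    if len(ext_data) < 2:
        raise ValueError("truncated supported_groups extension")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if list_len != len(body) or list_len % 2 or list_len == 0:
        raise ValueError("malformed named group list")
    return list(struct.unpack("!%dH" % (list_len // 2), body))

def select_group(server_groups, client_groups):
    """Return the first server-preferred group the client also offers, or None."""
    offered = set(client_groups)
    for g in server_groups:
        if g in offered:
            return g
    return None

# Constructed server configuration: an assumed WAF group list without x25519.
WAF_GROUPS = [24, 23, 25, 256]

# Constructed extension bodies for three hypothetical clients.
CLIENTS = {
    "modern browser": bytes.fromhex("0008" "001d" "0017" "0018" "0100"),
    "legacy client": bytes.fromhex("0002" "0017"),
    "x25519-only client": bytes.fromhex("0002" "001d"),
}

def audit(clients=CLIENTS, server_groups=WAF_GROUPS):
    """Map each client to the negotiated group name, or None if no overlap."""
    result = {}
    for name, ext in clients.items():
        chosen = select_group(server_groups, parse_supported_groups(ext))
        result[name] = GROUP_NAMES.get(chosen) if chosen is not None else None
    return result

if __name__ == "__main__":
    for name, group in audit().items():
        print(f"{name}: {group or 'handshake fails (no common group)'}")
```

Only the client that offers x25519 and nothing else ends up without a common group; the other two negotiate a NIST curve even though x25519 is absent from the server list.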
