I tried patching the current trunk with _defaultCurveName = u"secp384r1" (the EC that
ssllabs.com reports)
and it did work.
Looking at ClientHello messages for openssl 1.0.2 and 1.1 [4]:
with 1.1, only 1 Elliptic Curve is sent by Twisted Web Agent, secp256r1
openssl v1.1 client uses 4 by default: ecdh_x25519, secp256r1, secp521r1, secp384r1
I was wondering what is the proper way to configure requested Elliptic Curves.
I haven't seen any interface for this, contrary to ciphers with acceptableCiphers.
Thank you for your input.