Victor Duchovni wrote: > > Support for ECC is by default disabled in the stable 0.9.8 release, > and is slated for production use with 0.9.9 which is not yet released. > > Development snaphots of 0.9.9 are available for testing. > > To enable EECDH on a TLSv1 server: > > SSL_CTX *server_ctx > int nid; > EC_KEY *ecdh; > const char *curve; > > /* > * Elliptic-Curve Diffie-Hellman parameters are either "named curves" > * from RFC 4492 section 5.1.1, or explicitly described curves over > * binary fields. OpenSSL only supports the "named curves", which > provide > * maximum interoperability. The recommended curve for 128-bit > work-factor > * key exchange is "prime256v1" a.k.a. "secp256r1" from Section 2.7 of > * http://www.secg.org/download/aid-386/sec2_final.pdf > */ > if ((nid = OBJ_sn2nid(curve)) == NID_undef) { > /* unknown curve */ > return (0); > } > ERR_clear_error(); > if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0 > || SSL_CTX_set_tmp_ecdh(server_ctx, ecdh) == 0) { > tls_print_errors(); > return (0); > } > return (1); >
Hi, I tried this method of importing the ec parameters in my code (I use OpenSSL 0.9.8g), but It gives the error : No shared cipher. Is it because Im using 0.9.8g? If I need to use 0.9.9, can somebody show me where to get a functional snapshot? The snapshot I downloaded does not work. Please help. Thanks. -- View this message in context: http://www.nabble.com/ECC-Usage-tp14739445p20517868.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
