Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Dr. Stephen Henson
On Fri, Jan 11, 2008, Victor Duchovni wrote: > On Fri, Jan 11, 2008 at 07:28:00PM +0100, Dr. Stephen Henson wrote: > > > On Fri, Jan 11, 2008, Rodney Thayer wrote: > > > > > > > > I wonder if apache-ssl supports ECC... > > > > > > > Apache currently has algorithm specific code for keys and cert

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Victor Duchovni
On Fri, Jan 11, 2008 at 07:28:00PM +0100, Dr. Stephen Henson wrote: > On Fri, Jan 11, 2008, Rodney Thayer wrote: > > > > > I wonder if apache-ssl supports ECC... > > > > Apache currently has algorithm specific code for keys and certificates with > only RSA and DSA included as standard. That mean

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Dr. Stephen Henson
On Fri, Jan 11, 2008, Rodney Thayer wrote: > > I wonder if apache-ssl supports ECC... > Apache currently has algorithm specific code for keys and certificates with only RSA and DSA included as standard. That means each new public key algorithm needs to be added as a special case. Steve. -- Dr S

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Victor Duchovni
On Fri, Jan 11, 2008 at 08:41:23AM -0800, Rodney Thayer wrote: > That's great. I wonder what they tested it with. Probably > the OpenSSL s_server tool ;-) > > I wonder if apache-ssl supports ECC... If it uses OpenSSL, and is linked against 0.9.9 (i.e. not yet), then ECDSA support requires no n

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Rodney Thayer
[EMAIL PROTECTED] wrote: Hello, Does 'openssl s_server' support this? Are there public ECC TLS implementations this is known to interoperate with? You may look at Firefox source (NSS library). In Firefox (2.0) you may view/control ssl ciphersuites entering "about:config" url and next "ssl" as a

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Rodney Thayer
Victor Duchovni wrote: On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote: Does 'openssl s_server' support this? Are there public ECC TLS implementations this is known to interoperate with? OpenSSL s_server is a test tool, not an application. In 0.9.9 snapshot builds, s_server sup

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Rodney Thayer
Victor Duchovni wrote: OpenSSL s_server is a test tool, not an application. openssl the program, as built in the 'apps' directory of the openssl source tree, is a test tool APPLICATION that has been used for almost a decade to debug and interop test other (mostly commercial) TLS implementatio

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Marek . Marcola
Hello, > Does 'openssl s_server' support this? Are there public ECC TLS > implementations this is known to interoperate with? You may look at Firefox source (NSS library). In Firefox (2.0) you may view/control ssl ciphersuites entering "about:config" url and next "ssl" as a filter word. Next you m

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-10 Thread Victor Duchovni
On Thu, Jan 10, 2008 at 11:54:44PM -0500, Victor Duchovni wrote: > On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote: > > > > Does 'openssl s_server' support this? Are there public ECC TLS > > > implementations this is known to interoperate with? > > > > OpenSSL s_server is a test

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-10 Thread Larry Bugbee
And if you be a Python user, M2Crypto exposes ECC and the rest of OpenSSL to your program. On Jan 10, 2008, at 8:54 PM, Victor Duchovni wrote: On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote: Does 'openssl s_server' support this? Are there public ECC TLS implementations thi

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-10 Thread Victor Duchovni
On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote: > > Does 'openssl s_server' support this? Are there public ECC TLS > > implementations this is known to interoperate with? > > OpenSSL s_server is a test tool, not an application. In 0.9.9 snapshot > builds, s_server supports ECDSA,

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-10 Thread Victor Duchovni
On Thu, Jan 10, 2008 at 05:37:47PM -0800, Rodney Thayer wrote: > >To enable ECDSA certs, just configure an additional cert/key pair in > >the server. You can configure up to 3 certificates, one RSA cert, one > >DSA cert and one ECDSA cert. The code for adding more certs is the > >same for RSA and D

Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-10 Thread Rodney Thayer
Victor Duchovni wrote: To enable EECDH on a TLSv1 server: SSL_CTX *server_ctx; int nid; EC_KEY *ecdh; const char *curve; /* * Elliptic-Curve Diffie-Hellman parameters are either "named curves" * from RFC 4492 section 5.1.1, or explicitly described curves over