Hello, > Like to clarify one point, am I right to say the peer (client) we are > referring to here is the browser? Browser or any other SSL client.
> I'm using Firefox 2 Beta 1 which I know has ECC support. I had > performed a test at tls.secg.org to verify this. According to Firefox documetation ECC support is presently limited to curves of 256, 384, and 521 bits. But after creating ECC secp521r1 I was unable to connect with Firefox too, but now I had error -8092 which means SEC_ERROR_KEYGEN_FAIL. After looking at source code of Firefox there was place in mozilla/security/nss/lib/ssl/ssl3ecc.c where ephemeral keys are generated from ECC and probably this cause error. After running "openssl s_server ..." with "-no_ecdhe" I was able to establish connection with ECC ciphers. >Another point I'm puzzled is that the openssl ciphersuites shown only >ciphers with SSLv3 protocol when I execute openssl cipher -v ECCdraft. >But I thought openssl 0.9.8b already provide support for TLSv1 too, so >why don't I see any ciphers with TLSv1 protocol? Or have I >misunderstood the readme file in 0.9.8b? This is only name problem, SSL3 and TLS1 are very close so sometimes some names/variables are used interchangeably. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]