On Fri, Jan 11, 2008 at 08:41:23AM -0800, Rodney Thayer wrote:
> That's great. I wonder what they tested it with. Probably
> the OpenSSL s_server tool ;-)
>
> I wonder if apache-ssl supports ECC...
If it uses OpenSSL, and is linked against 0.9.9 (i.e. not yet), then
ECDSA support requires no new application code provided you are willing
to *switch* from RSA to ECDSA. If the application already supports both
RSA and DSA certs (2 certificate slots), then it can be switched from
RSA+DSA to RSA+ECDSA or DSA+ECDSA again with no code changes, just point
it at the right cert(s).
What does require new code (the ~10 lines I posted) is enabling EECDH by
selecting a suitable curve. So ECDSA without forward secrecy is already
supported by existing OpenSSL apps once they re-compile/re-link against
a library with ECDSA support. Enabling forward-secrecy (EECDH) requires
code to select the appropriate curve.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]