Victor Duchovni wrote:
On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote:
Does 'openssl s_server' support this? Are there public ECC TLS
implementations this is known to interoperate with?
OpenSSL s_server is a test tool, not an application. In 0.9.9 snapshot
builds, s_server support ECDSA, just point your cert and key files
at an ECDSA cert and private key. I have not checked whether it has a
command-line option to select an EECDH curve, but this is not important.
The command-line option is "-named_curve", and if no curve is specified
"prime256v1" is used by default unless the "-no_ecdhe" option is supplied
(in which case any name curve is also ignored).
So, for what its worth, s_server and s_client fully support EECDH
and ECDSA.
thank you! That's great. I wonder if the out-of-the-box OpenSSL
has enough code turned on to test this without being hassled by a
patent holder. This has happened before, you know. Apple shipped
IDEA in their OpenSSL on OS-X up until around 10.2 (that's when
people started reporting it as a bug and the finally pulled it.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]