Hi,

I am finishing my USB hardware token with ECC support. It is integrated with OpenSSL by the engine interface. I have also integrated it with the OpenVPN software. My version works with two new options:

(1) --ecdh file - a file with ECDH domain parameters to support the Elliptic Curve Diffie-Hellman algorithm,
(2) --engkey - a bool option to indicate that the private key is on the hardware device and can be read only by the engine interface.

What do you think about adding these options to the standard distribution of the OpenVPN source code? Today the ECC cipher suite is an official standard described in RFC 4492, and its algorithms are implemented in OpenSSL (turned off by default in version 0.9.8, but will be on in version 0.9.9).

Best Regards,
Andrzej Chmielowiec, CMM Sigma (www.cmmsigma.eu)