Hi,
I've compiled successfully Apache (2.2) with OpenSSL
(0.9.8b) on win32. Has tested it with success with a
self-signed rsa cert.

Proceed to generate a ec cert with secp160r1.

Was unable to start Apache after changing settings in
httpd-ssl.conf.
Changes:
SSLCertificateFile d:/www/Apache2/conf/secp160r1.crt
SSLCertificateKeyFile
d:/www/Apache2/conf/secp160r1.key

Attempted to check ec cert using command:
openssl s_server -cert secp160r1.crt -key
secp160r1.key

and received error SSL routines:
SSL3_GET_CLIENT_HELLO:no shared cipher

Run command openssl x509 -in secp160r1.crt -text and
noted that the signature algorithm is ecdsa-wit-SHA1.

I remember that neither IE nor Firefox seem to be able
to read DSA cert so am wondering whether this is the
cause of the no shared cipher error.
How can this be resolved? Can I convert the signature
(maybe to RSA?) while still maintaining my ec key?

But I still don't understand why I can't start Apache
after pointing to the EC related files.=20
Only error I received for Apache log was 'no RSA or
DSA server certificate found for
'www.example.com:443'?!'

Any advice, please?
Thanks!
SS


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around=20
http://mail.yahoo.com=20
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org