Victor Duchovni wrote:
> On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote:
>>> Does 'openssl s_server' support this? Are there public ECC TLS
>>> implementations this is known to interoperate with?

>> OpenSSL s_server is a test tool, not an application. In 0.9.9 snapshot
>> builds, s_server support ECDSA, just point your cert and key files
>> at an ECDSA cert and private key. I have not checked whether it has a
>> command-line option to select an EECDH curve, but this is not important.

> The command-line option is "-named_curve", and if no curve is specified
> "prime256v1" is used by default unless the "-no_ecdhe" option is supplied
> (in which case any name curve is also ignored).
> So, for what its worth, s_server and s_client fully support EECDH
> and ECDSA.

thank you! That's great. I wonder if the out-of-the-box OpenSSL
has enough code turned on to test this without being hassled by a
patent holder. This has happened before, you know. Apple shipped
IDEA in their OpenSSL on OS-X up until around 10.2 (that's when
people started reporting it as a bug and the finally pulled it.)
__________________________________________________ ____________________
OpenSSL Project
User Support Mailing List
Automated List Manager