[Ach] Apache ECC support
Adam Lewicki
adam at lewicki.at
Tue Nov 19 11:02:59 CET 2013
Hi folks,
Let me introduce myself in a short one-liner:
My name is Adam, and I'm working for a large austrian data center
which also provides webservices to its clients in the .gv.at sector :)
I recently was handed a paper copy of your draft (by our internal cert
folks) and am in the process of reading it. As you may be aware the
Apache httpd 2.2 tree as of today is still unable to handle eliptical
curves in ciphersuites. This is about to change with the next release.
The current stable is 2.2.25 - the release notes for 2.2.26 (
http://www.apache.org/dist/httpd/CHANGES_2.2 ) now state:
*) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
OpenSSL 1.0.0b3. [Vipul Gupta vipul.gupta sun.com, Sander Temme,
Stefan Fritsch]
for version 2.2.26. The release of this version seems to be imminent.
IMHO Section 9.1.1 should therefore state, that a recommended minimum
build for Apache http deamons should be 2.2.26 or 2.4.x in order to
support the latest and greatest crypto :)
Best wishes
Adam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: PGP Digital Signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20131119/fd44abee/attachment.sig>
More information about the Ach
mailing list