[Ach] Apache ECC support

Adam Lewicki adam at lewicki.at
Tue Nov 19 11:02:59 CET 2013

Hi folks,

Let me introduce myself in a short one-liner:
My name is Adam, and I'm working for a large austrian data center  
which also provides webservices to its clients in the .gv.at sector :)

I recently was handed a paper copy of your draft (by our internal cert  
folks) and am in the process of reading it. As you may be aware the  
Apache httpd 2.2 tree as of today is still unable to handle eliptical  
curves in ciphersuites. This is about to change with the next release.  
The current stable is 2.2.25 - the release notes for 2.2.26 (  
http://www.apache.org/dist/httpd/CHANGES_2.2 ) now state:

    *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
       OpenSSL 1.0.0b3.  [Vipul Gupta vipul.gupta sun.com, Sander Temme,
       Stefan Fritsch]

for version 2.2.26. The release of this version seems to be imminent.

IMHO Section 9.1.1 should therefore state, that a recommended minimum  
build for Apache http deamons should be 2.2.26 or 2.4.x in order to  
support the latest and greatest crypto :)

Best wishes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: PGP Digital Signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20131119/fd44abee/attachment.sig>

More information about the Ach mailing list