[Ach] preference of curves in ECC - ECDSA, ECDH
Julien Vehent
julien at linuxwall.info
Sun Mar 9 19:52:34 CET 2014
afaik, the only curve that's supported across the board in web browsers,
is NIST P256.
I don't think NSS (Firefox & Chrome) supports anything else than P256,
P384 and P512.
- Julien
On 2014-03-09 14:07, Aaron Zauner wrote:
> Hi,
>
> RFC4492 specifies that preference of ECC curves will be handled by the
> client [0]. This may not be the best idea, one can circumvent this by
> limiting available curves in the openssl configuration. For example,
> Apache's mod_ssl is able to dynamically configure this for vHosts:
>
> ```
> SSLOpenSSLConfCmd ECDHParameters curvename
> SSLOpenSSLConfCmd Curves curvename curvename
> ```
>
> These are settings that can also be applied system-wide in the openssl
> configuration [1]. Now the issue I see with that is that we again have
> to specify a order of preference with regard to elliptic curves to be
> used in our paper. We still do not have a clear and full picture of
> possible security or performance concerns regarding currently available
> curves. Should we discuss this?
>
> Aaron
>
>
> [0] - https://tools.ietf.org/html/rfc4492#section-5.1
> [1] -
> https://www.openssl.org/docs/ssl/SSL_CONF_cmd.html#SUPPORTED_CONFIGURATION_FILE_COM
>
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
More information about the Ach
mailing list