What is the best way to determine at *compile-time* whether ECDH is
available (specifically EC_KEY_new_by_curve_name)? I am assuming I
should not use ECC with the 0.9.8 draft implementation, and start
with 0.9.9:
#include <openssl/openssl.h>
#if OPENSSL_VERSION_NUMBER >= 0x00909000 && !defined(OPENSSL_NO_ECDH)
... code that enables EC ciphers ...
#endif
Is there a better approach?
When EC support is present, what is the best way to configure EECDH
parameters?
In s_server.c, EECDH is enabled either via a "-named_curve" command-line
option or else uses the default "prime256v1" curve:
...
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
...
SSL_CTX_set_tmp_ecdh(ctx,ecdh);
Is this the preferred way to enable EECDH in applications, or should
one use SSL_CTX_set_tmp_ecdh_callback() instead?
I am guessing that the callback is mainly useful when both "export"
and "non-export" parameters may be required, and there don't appear to
be any EXPORT ECDH ciphers, so it seems that providing a single curve
up-front is simpler, are there any drawbacks to not using the callback?
Does the callback provide "lazy evaluation", by avoiding the expense
of degenerating an ephemeral exponent when clients don't actually
use EECDH? When using the callback is the ephemeral exponent still
cached once generated?
With the s_server(1) approach, the server's private exponent is generated
once per SSL_CTX unless the option SSL_OP_SINGLE_ECDH_USE is set. Is
this pre-computation "expensive", should one:
- Generate a new exponent for each handshake, by setting
SSL_OP_SINGLE_ECDH_USE.
- Re-use the same exponent within a single SSL_CTX context, but
generate a new one for each SSL_CTX (as in s_server).
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
