I patched the Apache 2.2.2 source and followed the instructions(https://issues.apache.org/bugzilla/attachment.cgi?id=18657&action=edit ), and installed many versions of openssl, including the stable 0.9.8g version, and I also tried current snapshots as of april 2008. I managed to get Apache 2 up and running with an ECC keypair(httpd-ssl.conf was set to SSLCipherSuite ECDHE-ECDSA-AES256-SHA), and I was able connect to the server with openssl s_client -connect 10.1.0.1:443 -cipher ECDHE-ECDSA-AES256-SHA, though when I connect with my browser (Firefox 2.0.0.13), I am prompted that I do not have the necessary security protocol/cipher enabled, on both windows and linux firefox versions. This is not true; I checked about:config and security.ssl3.ecdhe_ecdsa_aes_256_sha is set to true. I am able to connect to other test servers on the internet, using the same curve (secp521r1) and tls cipher (ECDHE-ECDSA-AES256-SHA). Is something wrong with my certificates(Pasted below)? I generated them with ECCcertgen.sh bundled with openssl... Apache does not generate any errors. One of my test keypairs is pasted below (I used a secp521r1 curve, but I didn't change the comments. They still indicate secp160r1 or something like that).
server.crt -----BEGIN CERTIFICATE----- MIICzDCCAi4CCQD1ETS+CH2UgzAJBgcqhkjOPQQBMIGoMQswCQYDVQQGEwJVUzEL MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHzAdBgNVBAoTFlN1 biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsTHVN1biBNaWNyb3N5c3RlbXMg TGFib3JhdG9yaWVzMSswKQYDVQQDEyJUZXN0IENBIChFbGxpcHRpYyBjdXJ2ZSBz ZWNwMTYwcjEpMB4XDTA4MDQwODE5MDUyMloXDTEyMDUxNzE5MDUyMlowgawxCzAJ BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEf MB0GA1UEChMWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEmMCQGA1UECxMdU3VuIE1p Y3Jvc3lzdGVtcyBMYWJvcmF0b3JpZXMxLzAtBgNVBAMTJlRlc3QgU2VydmVyIChF bGxpcHRpYyBjdXJ2ZSBzZWNwMTYwcjIpMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG AAQBDCsO6Bh+KHUoF95v1abLMuD9HwEdzw2G7AV6PG7Y7JPu9xzbofcKQx3N4LJa JzZoMqs3DlTcLnDHsKvVxZGNg0MA1JdcplH5hesOoDVKaQ0eLSHuZC8bP4PuiLUV WyD1pEHf3nwJUpfaTAEki2M/mNKbkW1r8mKo/MwIvjBUXTxDMEIwCQYHKoZIzj0E AQOBjAAwgYgCQgDNHA9Nxmqv2tAtCgyhoW8nmsWbqpIxCzBz7FUf1zjpVHUIBYRJ WqEctNlSB7Nm0KGqGkdRVqVAf1peSkjPD0IpYgJCAW7t6LhErN7tqHaNKSqQTz0E o3pyQzAr9NLGHiqU0d6p0wpGARbfZjWwWY1aQPx9SghzSwRDiaK0Pq8cPCq6i2N+ -----END CERTIFICATE----- server.key -----BEGIN EC PRIVATE KEY----- MIHcAgEBBEIB8kqp15qXITJChy2IfqYh/MalRx7KrbrAPFQc+k4+IIOvqSsEa3uN RvvN5W7tHAT2ZqP7fxKrcNQcYO9bzIf0pqWgBwYFK4EEACOhgYkDgYYABAEMKw7o GH4odSgX3m/Vpssy4P0fAR3PDYbsBXo8btjsk+73HNuh9wpDHc3gslonNmgyqzcO VNwucMewq9XFkY2DQwDUl1ymUfmF6w6gNUppDR4tIe5kLxs/g+6ItRVbIPWkQd/e fAlSl9pMASSLYz+Y0puRbWvyYqj8zAi+MFRdPEMwQg== -----END EC PRIVATE KEY----- Any help would be appreciated. Thank you ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
