I managed to get Apache 2 up and running with an ECC
keypair(httpd-ssl.conf was set to SSLCipherSuite
ECDHE-ECDSA-AES256-SHA), and I was able connect to the
server with openssl s_client -connect 10.1.0.1:443
-cipher ECDHE-ECDSA-AES256-SHA, though when I connect
with my browser (Firefox 2.0.0.13), I am prompted that
I do not have the necessary security protocol/cipher
enabled, on both windows and linux firefox versions.
This is not true; I checked about:config and
security.ssl3.ecdhe_ecdsa_aes_256_sha is set to true.
I am able to connect to other test servers on the
internet, using the same curve (secp521r1) and tls
cipher (ECDHE-ECDSA-AES256-SHA). Apache does not
generate any errors.
Is something wrong with my test certificates(Pasted
below)? I generated them with ECCcertgen.sh bundled
with openssl.
server.crt
-----BEGIN CERTIFICATE-----
MIICzDCCAi4CCQD1ETS+CH2UgzAJBgcqhkjOPQQBMIGoMQswCQYDVQQGEwJVUzEL
MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxHzAdBgNVBAoTFlN1
biBNaWNyb3N5c3RlbXMsIEluYy4xJjAkBgNVBAsTHVN1biBNaWNyb3N5c3RlbXMg
TGFib3JhdG9yaWVzMSswKQYDVQQDEyJUZXN0IENBIChFbGxpcHRpYyBjdXJ2ZSBz
ZWNwMTYwcjEpMB4XDTA4MDQwODE5MDUyMloXDTEyMDUxNzE5MDUyMlowgawxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEf
MB0GA1UEChMWU3VuIE1pY3Jvc3lzdGVtcywgSW5jLjEmMCQGA1UECxMdU3VuIE1p
Y3Jvc3lzdGVtcyBMYWJvcmF0b3JpZXMxLzAtBgNVBAMTJlRlc3QgU2VydmVyIChF
bGxpcHRpYyBjdXJ2ZSBzZWNwMTYwcjIpMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
AAQBDCsO6Bh+KHUoF95v1abLMuD9HwEdzw2G7AV6PG7Y7JPu9xzbofcKQx3N4LJa
JzZoMqs3DlTcLnDHsKvVxZGNg0MA1JdcplH5hesOoDVKaQ0eLSHuZC8bP4PuiLUV
WyD1pEHf3nwJUpfaTAEki2M/mNKbkW1r8mKo/MwIvjBUXTxDMEIwCQYHKoZIzj0E
AQOBjAAwgYgCQgDNHA9Nxmqv2tAtCgyhoW8nmsWbqpIxCzBz7FUf1zjpVHUIBYRJ
WqEctNlSB7Nm0KGqGkdRVqVAf1peSkjPD0IpYgJCAW7t6LhErN7tqHaNKSqQTz0E
o3pyQzAr9NLGHiqU0d6p0wpGARbfZjWwWY1aQPx9SghzSwRDiaK0Pq8cPCq6i2N+
-----END CERTIFICATE-----
server.key
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIB8kqp15qXITJChy2IfqYh/MalRx7KrbrAPFQc+k4+IIOvqSsEa3uN
RvvN5W7tHAT2ZqP7fxKrcNQcYO9bzIf0pqWgBwYFK4EEACOhgYkDgYYABAEMKw7o
GH4odSgX3m/Vpssy4P0fAR3PDYbsBXo8btjsk+73HNuh9wpDHc3gslonNmgyqzcO
VNwucMewq9XFkY2DQwDUl1ymUfmF6w6gNUppDR4tIe5kLxs/g+6ItRVbIPWkQd/e
fAlSl9pMASSLYz+Y0puRbWvyYqj8zAi+MFRdPEMwQg==
-----END EC PRIVATE KEY-----
Any feedback is appreciated. Thank you
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
