On Nov 25, 2013, at 12:22 AM, Igor Galić <[email protected]> wrote:
> > > ----- Original Message ----- >> Here's the commit adding ECDHE support to apache httpd: >> >> >> http://mail-archives.apache.org/mod_mbox/httpd-cvs/200911.mbox/%[email protected]%3E > > What this code does is more than just an initial throw, it enables to use > ECC /keys/ all we need to start using ECDHE is the initialization. > > > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=834378&r1=834377&r2=834378&view=diff > >> and for stud: >> >> https://github.com/bumptech/stud/pull/61/files > > Wow. That's bad. That looks specifically for the *bad* NSA curve constants > before initializing the ec code. That's not something I'd rely on, since > not even NIST is any more. I believe that this code originates from an OpenSSL mailing list recommendation from the OpenSSL devs. Do you have the list of "bad" NIST curves? J
