On Wed, Sep 2, 2015 at 1:48 PM, Jason - <winpackjason@xxxxxxxxxxx> wrote:
> I have Ubuntu 15.04 with Apache 2.4.10 (OpenSSL 1.0.1f) and I would like to
> configure Apache ssl.conf specifically for "ECC Curve Order", as on Windows
> 10, where I select the preferred order of Elliptic Curves. I have two
> questions related to this:
>
> 1) On OpenSSL, how do I view the supported ECC Curves (e.g. NISTp521,
> brainpool, etc.) of my system?

"openssl ecparam -list_curves" should do it.

>
> 2) On Apache, how do I configure (inside ssl.conf) the curve order? Can I
> also set it to follow a specific preference order? (I would prefer 1st
> P-521, 2nd P-384, 3rd P-256, and not P-256 by default as my Apache does...)

With OpenSSL-1.0.2 and later, it is possible to use the
SSLOpenSSLConfCmd directive (see [1], e.g. "SSLOpenSSLConfCmd Curves
P-521:P-384:...").
Since you use an earlier version, I think you can only change the
default curve by appending ecparams to the server's SSLCertificateFile
(see [2]).

Regards,
Yann.

[1] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslopensslconfcmd
[2] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile
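
The two version-dependent options from the reply above, as an added shell example that is not part of the original thread: it classifies an `openssl version` string and prints either the `SSLOpenSSLConfCmd Curves` directive (1.0.2 and later) or the `openssl ecparam` command for the single preferred curve (earlier versions). The function names and the certificate path are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Preference order asked for in the question.
PREFERRED="P-521 P-384 P-256"
CERT_FILE="/path/to/server-cert.pem"   # placeholder for the SSLCertificateFile path

# Map a NIST name to the name printed by "openssl ecparam -list_curves".
nist_to_openssl() {
    case "$1" in
        P-256) echo prime256v1 ;;
        P-384) echo secp384r1 ;;
        P-521) echo secp521r1 ;;
        *) return 1 ;;
    esac
}

# Exit 0 if the "openssl version" string is 1.0.2 or later, 1 if older,
# 2 if it cannot be parsed (not an "OpenSSL x.y.z" string).
supports_confcmd() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || return 2
    set -- $ver                      # $1=major $2=minor $3=patch
    [ "$1" -gt 1 ] && return 0
    [ "$1" -lt 1 ] && return 1
    [ "$2" -gt 0 ] && return 0
    [ "$3" -ge 2 ] && return 0
    return 1
}

# Print the step that applies to the given version string.
curve_config() {
    rc=0
    supports_confcmd "$1" || rc=$?
    case $rc in
        0)  # 1.0.2+: the full preference list goes into the directive
            echo "SSLOpenSSLConfCmd Curves $(printf '%s' "$PREFERRED" | tr ' ' ':')" ;;
        1)  # older: only one curve, appended as ecparams to the certificate file
            first=$(nist_to_openssl "${PREFERRED%% *}") || return 1
            echo "openssl ecparam -name $first >> $CERT_FILE" ;;
        *)  echo "unrecognised version string: $1" >&2; return 2 ;;
    esac
}

# Classify the local CLI when present; httpd may be linked to a different OpenSSL.
if command -v openssl >/dev/null 2>&1; then
    curve_config "$(openssl version)" || true
fi
```
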