Project

General

Profile

Actions

Feature #901

closed

Elliptic Curve Cryptography

Added by Anonymous over 17 years ago. Updated over 7 years ago.

Status:
Fixed
Priority:
Normal
Category:
TLS
Target version:
-
ASK QUESTIONS IN Forums:

Description

Elliptic Curve Cryptography is a set of cipher suites supported in newer versions of OpenSSL. A major advantage is that ECC uses smaller key sizes (that provide the same security as much larger keysizes associated with RSA and DH), which means it's faster. Lighty can start up with an ECC signed certificate, and clients recieve the certificate, but beyond that, they can't seem to negotiate anything. When I used ssl.cipher-list to specify any of the ECC ciphers, lighty choked on startup. ECC support would make an excellent addition to lighty.

-- justin

Actions #1

Updated by gstrauss almost 8 years ago

  • Description updated (diff)
  • Category changed from core to TLS
  • Assignee deleted (jan)
Actions #2

Updated by gstrauss almost 8 years ago

  • Status changed from New to Fixed
  • Target version set to 1.4.x

I believe this is fixed in 2011 in https://redmine.lighttpd.net/projects/lighttpd/repository?utf8=%E2%9C%93&rev=f610f894

commit f610f894a35b5ef0e082b9f3bd24fa338bb10147
Author: Stefan Bühler <stbuehler@web.de>
Date:   Sun Mar 13 18:00:09 2011 +0000

    ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301, #2246, #2239)

     - add ssl.use-sslv3
     - load all algorithms

    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2780 152afb58-edef-0310-8abb-c4023f1b3aa9

Actions #3

Updated by stbuehler over 7 years ago

  • Target version deleted (1.4.x)
Actions

Also available in: Atom