<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
I’m somewhat confused as to what I need to do to use ECDHE ciphers (ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, etc). I’m hoping this list can help, or at least point me to a good tutorial somewhere. A lot of the information I’ve looked at is
from the following links:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<a href="https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations">https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations</a></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<a href="https://crypto.stackexchange.com/questions/19452/static-dh-static-ecdh-certificate-using-openssl">https://crypto.stackexchange.com/questions/19452/static-dh-static-ecdh-certificate-using-openssl</a></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
I’m only looking at getting something set up for testing for now; I have a self-signed certificate and a private key. Here is the certificate, with some info stripped (I didn’t create it so I don’t have the exact commands used):</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
Certificate:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Data:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Version: 3 (0x2)</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Serial Number:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>e7:64:34:3c:f2:b4:f5:cc</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Signature Algorithm: ecdsa-with-SHA256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Issuer: C=US, ST=MyState, L=City, O=Org, OU=Dept, CN=MyCN/emailAddress=me@example.com</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Validity</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Not Before: Jan 29 20:11:44 2020 GMT</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Not After : Jan 28 20:11:44 2021 GMT</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Subject: C=US, ST= MyState, L=City, O=Org, OU=Dept, CN=MyCN/emailAddress=me@example.com</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Subject Public Key Info:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Public Key Algorithm: id-ecPublicKey</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Public-Key: (256 bit)</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>pub:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span><span style="mso-spacerun:yes"> </span>04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span><span style="mso-spacerun:yes"> </span>58:68:82:a4:3e</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>ASN1 OID: prime256v1</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>NIST CURVE: P-256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>X509v3 extensions:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>X509v3 Subject Key Identifier:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>DA:B7:A7:5A:16:85:40:61:36:D7:37:5E:AF:BE:E4:90:80:05:C7:FA</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>X509v3 Authority Key Identifier:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>keyid:DA:B7:A7:5A:16:85:40:61:36:D7:37:5E:AF:BE:E4:90:80:05:C7:FA</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>X509v3 Basic Constraints:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>CA:TRUE</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Signature Algorithm: ecdsa-with-SHA256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>30:45:02:21:00:bc:9c:cb:f1:ca:30:24:d3:7e:86:b4:d4:6f:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>f6:5a:3c:ab:c2:8d:24:b5:bc:03:b2:f9:55:74:0d:5d:cc:2c:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>11:02:20:56:f8:05:4d:88:e6:35:ab:7b:db:01:02:1c:3d:ae:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>ab:5d:5a:86:61:5b:e5:2d:1a:3f:4d:bf:5b:ea:12:c2:50</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
I also didn’t generate the private key, but I’ll dump some info on it here, again to make sure it looks OK. It’s also part of the equation that I’m not 100% sure about (if my private key is set up correctly). This is a non-production key, used only for initial
testing:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
---:/etc/ssl # openssl ec -in private/mykey.pem -text</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
read EC key</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
Private-Key: (256 bit)</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
priv:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>00:96:f8:5b:9d:a3:fb:3d:27:de:01:75:54:0f:51:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>69:38:d1:8f:2d:62:19:80:67:14:4a:da:1e:b5:d8:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>57:8f:e8</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
pub:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>58:68:82:a4:3e</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ASN1 OID: prime256v1</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
NIST CURVE: P-256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
writing EC key</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
-----BEGIN EC PRIVATE KEY-----</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
MHcCAQEEIJb4W52j+z0n3gF1VA9RaTjRjy1iGYBnFEraHrXYV4/ooAoGCCqGSM49</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
AwEHoUQDQgAEHwfn6gm0lD6pC8TG0mUx20ycM5zN+734sQ6OaVx0zY2YDGcJ+x0B</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
n/aI1AKJnWZ4/840CecFzGMfUwdYaIKkPg==</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
-----END EC PRIVATE KEY-----</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
---:/etc/ssl # openssl ec -in private/mykey.pem -text -param_out</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
read EC key</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
Private-Key: (256 bit)</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
priv:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>00:96:f8:5b:9d:a3:fb:3d:27:de:01:75:54:0f:51:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>69:38:d1:8f:2d:62:19:80:67:14:4a:da:1e:b5:d8:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>57:8f:e8</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
pub:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>04:1f:07:e7:ea:09:b4:94:3e:a9:0b:c4:c6:d2:65:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>31:db:4c:9c:33:9c:cd:fb:bd:f8:b1:0e:8e:69:5c:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>74:cd:8d:98:0c:67:09:fb:1d:01:9f:f6:88:d4:02:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>89:9d:66:78:ff:ce:34:09:e7:05:cc:63:1f:53:07:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>58:68:82:a4:3e</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ASN1 OID: prime256v1</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
NIST CURVE: P-256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
writing EC key</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
-----BEGIN EC PARAMETERS-----</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
BggqhkjOPQMBBw==</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
-----END EC PARAMETERS-----</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
For my server code, the setup I use is very similar to if I was using an RSA certificate/key pair; setting up a CTX and calling the appropriate APIs for specifying the private key and certificate. Pseudocode:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ctx = SSL_CTX_new(TLS_method());</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
status = SSL_CTX_use_PrivateKey_file(ctx,<keyfile>,SSL_FILETYPE_PEM);</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
status = SSL_CTX_use_certificate_file(ctx, ,<certfile>,SSL_FILETYPE_PEM);</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
// Verify the cert and key are a pair</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
status = SSL_CTX_check_private_key(ctx);</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
I do some validation of the certificate, the code for which I’ll skip as I don’t think it’s important here. I also set the protocol version I support with SSL_CTX_set_max_proto_version() and call SSL_CTX_set_cipher_list() to set the ciphers the server supports.
The ciphers include the following:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_RSA_WITH_AES_128_CBC_SHA256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_RSA_WITH_AES_128_GCM_SHA256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_ECDSA_WITH_AES_128_CBC_SHA256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_RSA_WITH_AES_256_CBC_SHA384</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_RSA_WITH_AES_256_GCM_SHA384</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_ECDSA_WITH_AES_256_CBC_SHA384</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
Since I’m supporting ECDHE ciphers, I also call the following API, because I need to set the curves I support:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
status = SSL_CTX_set1_curves_list(ctx, "P-521:P-384:P-256");</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
Then another API call so the server will select the appropriate curve for the client:</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
status = SSL_CTX_set_ecdh_auto(ctx, 1);</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
First question, for the ECDHE_RSA* ciphers, I just need an RSA certificate and key, correct? Nothing else to do here?</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<span style="mso-spacerun:yes"> </span>Most of my confusion is on the ECDHE_ECDSA* ciphers. Do I need to do anything else in addition to the above to use them? I’ve read about “EC parameters” files (and “ECDHE parameters” files?). Do I need to create another
file to read in to support the ECDHE_ECDSA* ciphers? From the second command displaying the private key above, it looks like there are “EC parameters” embedded in the private key. Since I’m not 100% sure how the key was generated, that could be what’s causing
my confusion. </p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
Is the code I have above enough, or do I need another file? If so, how is that file generated, and what API do I need to read it in and use it?</p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
<o:p> </o:p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif">
Thanks in advance.</p>
<br>
</div>
</body>
</html>