httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <>
Subject Re: [users@httpd] ECC Curve Order Preference
Date Wed, 02 Sep 2015 12:22:15 GMT
On Wed, Sep 2, 2015 at 1:48 PM, Jason - <> wrote:
> I have Ubuntu 15.04 with Apache 2.4.10 (OpenSSL 1.0.1f) and I would like to
> configure Apache ssl.conf specifically for "ECC Curve Order", as on Windows
> 10, where I select the preferred order of Elliptic Curves. I have two
> questions related to this:
> 1) On OpenSSL, how do I view the supported ECC Curves (eg. NISTp521,
> brainpool, etc.) of my system?

"openssl ecparam -list_curves" should do it.

> 2) On Apache, how do I configure (inside ssl.conf) the curve order? Can I
> also set it to follow a specific preference order? (I would prefer 1st
> P-521, 2st P-384, 3rd P-256, and not P-256 by default as my Apache does...)

With OpenSSL-1.0.2 and later, it is possible to use the
SSLOpenSSLConfCmd directive (see [1], eg. "SSLOpenSSLConfCmd Curves

Since you use an earlier version, I think you can only change the
default curve by appending ecparams to the server's SSLCertificateFile
(see [2]).



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message