ECC cipher suites

Daiki Ueno ueno at unixuser.org
Thu Aug 27 13:29:18 CEST 2009


>>>>> In <87eiqzedlg.fsf at mocca.josefsson.org> 
>>>>>	Simon Josefsson <simon at josefsson.org> wrote:
> > I looked at the feature comparison table of TLS libraries and noticed
> > that GnuTLS still lacks ECC support:
> > http://www.gnu.org/software/gnutls/comparison.html
> >
> > Is anyone working on this?  Otherwise, I would like to give it a try[1].

> Nobody is working on it, but there are patent issues with ECC that has
> to be resolved.  To avoid wasting time, we may want to approach the FSF
> and the SFLC first to get a better understanding of what's involved here
> (I've been deferring this since nobody has expressed interest in ECC).

Good to know before stepping into further.  I hope that the situation
will change in the near future.

> Finishing the TLS 1.2 support and adding the new cipher suites is a
> high-priority task and it shouldn't be too difficult since there are TLS
> 1.2 test servers out there to test with.

Thanks for the hint.  I'll check which features of TLS 1.2 are not
implemented.  Adding HMAC-SHA256 cipher suites looks one thing to do.

Regards,
-- 
Daiki Ueno



More information about the Gcrypt-devel mailing list