ECC/TLS Interoperability Forum

The ECC/TLS Interoperability Forum is dedicated to promoting wide-spread industry adoption of Elliptic Curve Cryptography (ECC) in the Internet's dominant security protocol, HTTPS. Current participants include representatives from Apache/OpenSSL, Certicom, IBM, Microsoft, Mozila/Firefox, NSA, Red Hat, RSA, Sun and Verisign.

The forum is open to any individual or organization implementing RFC 4492, the specification for "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)" developed at the IETF. To join, send email to ecc-sunlabs-support "at" sun dot com.

Interoperability Resources

Publicly accessible test servers with ECC support (listed alphabetically by vendor name). The last entry describes how to build your own ECC-enabled test server.

Certicom

URL	http://tls.secg.org/
Contact	Brian Minard
Remarks	Choose "Test Now!" -> "Continue" -> "here". See Certicom notes.

Microsoft Vista IIS

URL	https://131.107.193.14/
Contact	Jignesh Shah, Aravind Thoram
Remarks	See ECC in Windows Vista. Multiple URLs are provided on the main page for testing various feature combinations, e.g., different elliptic curves, client authentication etc.

OpenSSL s_server

URL	ftp://ftp.openssl.org/snapshot/ Download the latest openssl-SNAP-yyyymmdd.tar.gz
Contact	Douglas Stebila
Remarks	See ECC in OpenSSL.

Red Hat Apache/mod_nss Test Server

URL	https://ecc.fedora.redhat.com/
Contact	Rob Crittenden
Remarks	Uses NSS for its ECC functionality. See ECC in NSS and mod_nss.

Sun Java Web Server 7.0

URL	https://dev.experimentalstuff.com:8081/
Contact	Jyri Virkki
Remarks	Also based on NSS. See ECC in NSS. Evaluation copies available for free download.

Sun Labs Test Server

URL	http://dev.experimentalstuff.com:8082/chooser.html
Contact	Vipul Gupta (NSS), Douglas Stebila (OpenSSL), Andreas Sterbenz (JSSE)
Remarks	User can choose a dynamically configured server based on one of three choices: (i) NSS `selfserv`, (ii) OpenSSL `s_server`, or (iii) JSSE A stand-alone JSSE ECC test server is also available on port 8089.

Building your own Test Server

URL	http://issues.apache.org/bugzilla/show_bug.cgi?id=40132
Contact	Vipul Gupta
Remarks	The URL above contains links to a patch for adding ECC capabilities to Apache 2.2.2 and instructions on using that patch.

Publicly accessible test clients with ECC support

Mozilla Firefox 2.0

URL	http://developer.mozilla.org/
Remarks	Uses NSS. See ECC in NSS. NOTE: As of Aug 2, 2006 the publicly available version of Firefox 2.0 (Beta 1) is unable to successfully obtain an ECC certificate from the Demo ECC CA listed below (presumably because it does not incorporate the patch for Bug 326159). Instructions on building your own ECC enabled version of Firefox are available here.

OpenSSL s_client

URL	ftp://ftp.openssl.org/snapshot/ Download the latest openssl-SNAP-yyyymmdd.tar.gz
Contact	Douglas Stebila
Remarks	See ECC in OpenSSL.

Publicly accessible ECC Certificate Issuers

Sun Labs Demo ECC CA

URL	http://dev.experimentalstuff.com:8082/ECCCA
Contact	Vipul Gupta
Remarks	Uses OpenSSL at the backend. Relies on the KEYGEN tag in ECC-enabled Firefox/SeaMonkey for EC key pair generation and certificate enrollment.

Sample ECC Certificates and PKCS12 files
- X.509 Certificates and PKCS12 files created by Bob Relyea using NSS. Password is ecc.
  NOTE: The file NSS_PKCS12_Samples.zip (linked here prior to Apr 20, 2006) used a bad OID (1.2.840.10040.4.4.1 instead of 1.2.840.10040.4.1) due to a JSS bug which has now been corrected.
- X.509 certificates and PKCS12 files supplied by Kelvin Yiu (Microsoft). Some of these are signed with ECDSA using longer hashes (SHA-256, SHA-384 and SHA-512). The password for the PKCS12 files is ecc.
- X.509 certs used by Microsoft test clients for client authentication (supplied by Aravind Thoram). The password for the PKCS12 files (.pfx) is 1.
- X.509 certificates as PEM files (created using OpenSSL)
- X.509 certificates pretty-printed (using OpenSSL)
- PKCS12 files with password password (created using OpenSSL). Also available as a single zip archive.
- Sample X.509 Certificates and Cert signing requests provided by Bill Daskaluk (Certicom). These are signed with ECDSA-P256-SHA384, ECDSA-P256-SHA512, and ECDSA-P384-SHA512.
An ECC/TLS interoperability test plan is maintained by Chandra Kannan.

About ECC

ECC is a next-generation public-key cryptographic technology that is more resource efficient than RSA. It was recently endorsed by the NSA for protecting sensitive US Government Information (see The Case for ECC and Suite B). More information on ECC is available here.

ECC in Certicom code

Refer to the configuration details for the Certicom test server.

ECC in OpenSSL

The ECC/TLS implementation in OpenSSL supports all of the twenty five curves defined in Section 5.1.1 of RFC 4492 and several other named curves standardized by NIST (including the three Suite B curves), SECG and ANSI. It also supports all ECC cipher suites (but TLS_ECDH_RSA_* ciphers appear to be broken in recent builds). OpenSSL does not support client authentication using ECDSA_fixed_ECDH or RSA_fixed_ECDH. Client authentication using ECDSA_sign is supported.

ECC in Windows Vista

The ECC/TLS implementation in Windows Vista supports three elliptic curves (all part of Suite B) -- NIST P-256 (aka secp256r1), NIST P-384 (aka secp384r1), and NIST P-521 (aka secp521r1) -- and four cipher suites:

        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

The ECC code in Windows Vista does not support EC point compression nor does it support client authentication using ECDSA_fixed_ECDH or RSA_fixed_ECDH. Client authentication using ECDSA_sign is supported.

ECC in NSS

The ECC/TLS implementation in NSS (Network Security Services) supports all of the twenty five curves defined in Section 5.1.1 of RFC 4492 and several other named curves standardized by NIST (including the three Suite B curves), SECG and ANSI. The supported cipher suites are:

        TLS_ECDH_ECDSA_WITH_NULL_SHA
        TLS_ECDH_ECDSA_WITH_RC4_128_SHA
        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

        TLS_ECDHE_ECDSA_WITH_NULL_SHA
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

        TLS_ECDH_RSA_WITH_NULL_SHA
        TLS_ECDH_RSA_WITH_RC4_128_SHA
        TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

        TLS_ECDHE_RSA_WITH_NULL_SHA
        TLS_ECDHE_RSA_WITH_RC4_128_SHA
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

NSS does not support EC point compression nor does it support client authentication using ECDSA_fixed_ECDH or RSA_fixed_ECDH. Client authentication using ECDSA_sign is supported.

ECC in Java SE

The ECC/TLS implementation (JSSE) in Sun's JDK 6 supports supports all of the twenty five curves defined in Section 5.1.1 of RFC 4492 and several other named curves standardized by NIST (including the three Suite B curves), SECG and ANSI. It also supports all ECC cipher suites, ECDSA_sign client authentication, and the TLS extensions Supported Elliptic Curves Extension and Supported Point Formats Extension. JSSE does not support EC point compression nor does it support client authentication using ECDSA_fixed_ECDH or RSA_fixed_ECDH.

Note that JDK 6 does not include a Java based EC crypto implementation. That needs to be supplied by a 3rd party Java crypto provider or by a PKCS#11 library (such as the NSS Softtoken) that is accessed via the SunPKCS11 provider.

Early access binaries are available on the Mustang java.net site and more information is available here.

Questions/Comments: ecc-sunlabs-support "at" sun dot com (Last update: Aug 2, 2006)