Red Hat and the Fedora Project are providing this server as a public service to help test various implementations of ECC in TLS. Please don't overload the server or break in. Seriously.

To test the ECC/TLS capabilities of your browser, select one of the ciphersuites below, and click "Change TLS ciphersuite."

This server supports most, but not all, of the ciphersuites listed in section 6 of the ECC "Cipher Suites for TLS" IETF RFC. NSS does not support the cipher suites using the ECDH_anon key exchange algorithm, even though their names show up in some NSS source files.

Change Ciphersuite

This server supports the following cipher suites. You can change ciphersuites without having to restart your browser. Just select a different one to renegotiate with the new ciphersuite.

About Your Machine:

Client IP Address	38.107.191.118
HTTP User Agent	CCBot/1.0 (+http://www.commoncrawl.org/bot.html)

About the Server

Server name	ecc.fedora.redhat.com
Server port	80
Server protocol	HTTP/1.1

Import CA certificates into your browser

If you have not already done so, you may wish to import the CAs this site uses into your browser. You'll want to mark this CA as trusted for web sites for the duration of your testing. Note that this CA is self-signed and may change in the future.

A different CA was used for each ECC curve so there are 4 CAs to import:

• RSA CA
• ECC 256-bit CA
• ECC 384-bit CA
• ECC 521-bit CA

Contact Us

If you encounter any problems with your ECC/TLS interoperability testing or with this site, there are several ways of contacting us.

• mozilla.dev.tech.crypto newsgroup: Please look here first for answers. If you don't see any discussion of your issue, please feel free to post a message yourself. We want to make sure all important issues get seen by as many developers as possible. Please post as much detail as you can, including the OS you are using, what ECC/TLS toolkit you are using, and any other information we might need to undstand the issue.
• File a bug at bugzilla.mozilla.org: Please file a bug report if you have enough information.
• If you would like to talk to someone and none of the above contact methods are appropriate, please send an email to blord at redhat dot com.

 

ECC Interop Test Servers

• 256-bit ECC server with EC CA
• 384-bit ECC server with EC CA
• 521-bit ECC server with EC CA
• Sun's ECC/TLS test server
• Sun's JES Web Server 7.0 ECC/TLS test server
• Certicom's ECC/TLS test server
• Microsoft's ECC/TLS test server

 

More Information

For more information, please see the following links:

• Download Firefox binaries
• ECC/TLS Specification from the IETF
• mod_nss for Apache
• NSS crypto libraries

 

Supported Ciphersuites

NSS supports the following ECC TLS cipher suites specified in section 6 of the IETF's "ECC Cipher Suites for TLS" RFC. Note that the cipher suite numbers of the first two cipher suites, TLS_ECDH_ECDSA_WITH_NULL_SHA and TLS_ECDH_ECDSA_WITH_RC4_128_SHA, are different (shifted up by 1) from those specified in Draft 12 because of the removal of the TLS_ECDH_ECDSA_WITH_DES_CBC_SHA cipher suite (which uses DES and was the third cipher suite) after Draft 12 was published.

     CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA           = { 0xC0, 0x01 }
     CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA        = { 0xC0, 0x02 }
     CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA   = { 0xC0, 0x03 }
     CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA    = { 0xC0, 0x04 }
     CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA    = { 0xC0, 0x05 }

     CipherSuite TLS_ECDHE_ECDSA_WITH_NULL_SHA          = { 0xC0, 0x06 }
     CipherSuite TLS_ECDHE_ECDSA_WITH_RC4_128_SHA       = { 0xC0, 0x07 }
     CipherSuite TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA  = { 0xC0, 0x08 }
     CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   = { 0xC0, 0x09 }
     CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA   = { 0xC0, 0x0A }
    
     CipherSuite TLS_ECDH_RSA_WITH_NULL_SHA             = { 0xC0, 0x0B } 
     CipherSuite TLS_ECDH_RSA_WITH_RC4_128_SHA          = { 0xC0, 0x0C }
     CipherSuite TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA     = { 0xC0, 0x0D } 
     CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA      = { 0xC0, 0x0E }
     CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA      = { 0xC0, 0x0F }

     CipherSuite TLS_ECDHE_RSA_WITH_NULL_SHA            = { 0xC0, 0x10 }
     CipherSuite TLS_ECDHE_RSA_WITH_RC4_128_SHA         = { 0xC0, 0x11 }
     CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA    = { 0xC0, 0x12 }
     CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     = { 0xC0, 0x13 }
     CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     = { 0xC0, 0x14 }

Note that NSS does not support the cipher suites using the ECDH_anon key exchange algorithm, even though their names show up in some NSS source files:

     CipherSuite TLS_ECDH_anon_NULL_WITH_SHA            = { 0xC0, 0x15 }
     CipherSuite TLS_ECDH_anon_WITH_RC4_128_SHA         = { 0xC0, 0x16 }
     CipherSuite TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA    = { 0xC0, 0x17 }
     CipherSuite TLS_ECDH_anon_WITH_AES_128_CBC_SHA     = { 0xC0, 0x18 }
     CipherSuite TLS_ECDH_anon_WITH_AES_256_CBC_SHA     = { 0xC0, 0x19 }

For client authentication, NSS supports the ECDSA_sign mechanism. NSS does *not* support the ECDSA_fixed_ECDH and RSA_fixed_ECDH client authentication mechanisms.

---

This site is powered by: