The problem with ECC is (has been, rather) that it's covered by patents, and OpenSSL didn't have ECC APIs until very recently. I believe the implementation in the latest versions of OpenSSL are based on the work of the same authors. Unfortunately, with so much deployed code using RSA-based handshakes, it seems tough for ECC to gain traction all that soon.
If your SSL handshaking is a performance-limiting step, you're doing something wrong. Yes, ECC can be faster than RSA... but it really doesn't matter for SSL.
4 comments
[ 4.3 ms ] story [ 23.4 ms ] threadThe problem with ECC is (has been, rather) that it's covered by patents, and OpenSSL didn't have ECC APIs until very recently. I believe the implementation in the latest versions of OpenSSL are based on the work of the same authors. Unfortunately, with so much deployed code using RSA-based handshakes, it seems tough for ECC to gain traction all that soon.
Also, the lawsuit that certicom made against Sony for ECC infringement was thrown out.
Here is a GPL implementation that claims to be patent free:
http://point-at-infinity.org/seccure/