erlyaws / yaws

Yaws webserver
https://erlyaws.github.io
BSD 3-Clause "New" or "Revised" License
1.28k stars 267 forks

Support for eccs SSL option (Elliptic Curve Cryptography). #357

Closed nthauvin closed 5 years ago

nthauvin commented 5 years ago

Hi,

We have customers with strong security policies. One of them is to be "PCI DSS compliant".

See "Strong Cryptography" in https://www.pcisecuritystandards.org/documents/PCI_DSS_Glossary_v3-2.pdf#page=21 where ECC with 224 bits and higher is recommended.

Erlang SSL allows passing an eccs option when dealing with sockets in order to specify the ECCs to be used.

This patch does the same thing as for the 'ciphers' SSL option, passing the options from yaws.conf to ssl:listen.
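For readers following the thread, here is what passing `eccs` to `ssl:listen` looks like. This is an added example, not part of the original comment and not code from the Yaws patch. The module name, the function names and the curve allow-list are assumptions made for this illustration.

```erlang
%% Added example, not Yaws code: restrict an Erlang TLS listener to an
%% allow-list of named curves by passing the eccs option to ssl:listen/2.
-module(eccs_listen_example).
-export([strong_eccs/0, listen/3]).

%% Assumption: a policy allow-list chosen for this example, in order of
%% preference. Every curve listed is at least 224 bits.
-define(ALLOWED_CURVES, [secp521r1, secp384r1, secp256r1,
                         brainpoolP512r1, brainpoolP384r1, brainpoolP256r1]).

%% Keep only the allowed curves that the local OTP/OpenSSL build supports.
%% ssl:eccs/0 returns the named curves available on this node.
strong_eccs() ->
    Supported = ssl:eccs(),
    [C || C <- ?ALLOWED_CURVES, lists:member(C, Supported)].

%% Open a TLS listen socket restricted to the allowed curves.
%% Fails closed: if none of the allowed curves is supported, no listener
%% is started, instead of silently falling back to the default curve list.
listen(Port, CertFile, KeyFile) ->
    {ok, _Started} = application:ensure_all_started(ssl),
    case strong_eccs() of
        [] ->
            {error, no_allowed_curve_supported};
        Curves ->
            ssl:listen(Port, [{certfile, CertFile},
                              {keyfile, KeyFile},
                              {eccs, Curves},
                              %% Prefer the server's curve order over the client's.
                              {honor_ecc_order, true},
                              {reuseaddr, true}])
    end.
```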

vinoski commented 5 years ago

@nthauvin This is great, thanks! But we need one addition: this should also be documented in the Yaws man page. I'm happy to pull your branch and squash that change into it, then merge it, but if you'd prefer to do it that's fine as well (but please squash it down to a single commit if you do it). Either way is fine with me, just let me know.

vinoski commented 5 years ago

Since I haven't heard back, I'll go ahead and make the man page change, then bring the change to master.

vinoski commented 5 years ago

I've already rebased this to master, so please ignore the conflicts warning above.

Thanks again for contributing this.

nthauvin commented 5 years ago

Hi,

Oops, sorry...

I had trouble with my mail and didn't see your message.

Sorry for the duplicate request and thanks for the man page!

Cheers,

-- Nicolas

----- Original message -----
From: "Steve Vinoski" notifications@github.com
To: "klacke/yaws" yaws@noreply.github.com
Cc: "Nicolas Thauvin" qux@free.fr, "Mention" mention@noreply.github.com
Sent: Saturday, 19 January 2019 14:19:35
Subject: Re: [klacke/yaws] Support for eccs SSL option (Elliptic Curve Cryptography). (#357)

I've already rebased this to master, so please ignore the conflicts warning above.

Thanks again for contributing this.


etnt commented 5 years ago

What a coincidence; I was just preparing a patch for this, taken from our code base.