Getting started with wolfSSL's ECC

Release 2.4.6 of wolfSSL is the first to include our ECC implementation publicly.  Let's look at how to get started using the ECC features.  First, you'll need to turn on ECC.  With the autoconf system this is simply a configure flag:

./configure --enable-ecc
make
make check

Note the 96 different TLS cipher suites that make check verifies.  You can easily use any of these tests individually, e.g., to try ECDH-ECDSA with AES256-SHA you can start our example server like this:

./examples/server/server -d -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem

-d disables the client certificate check, while -l specifies the cipher suite list.  -c is the certificate to use and -k is the corresponding private key.  To have the client connect, try:

./examples/client/client -A ./certs/server-ecc.pem

where -A is the CA certificate to use to verify the server.  To have an OpenSSL client connect to the wolfSSL server you could do:

openssl s_client -connect localhost:11111

since wolfSSL uses port 11111 by default, though this can be changed with the port option -p.  To allow the server to bind to any interface instead of the default localhost, use the -b option.  A full list of options can be seen with -?.
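
To confirm that the s_client connection above really negotiated the ECC suite and that the server certificate verified, the following check can be run over s_client's output. It is an added example, not wolfSSL code; check_session and live_check are hypothetical helper names, and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not wolfSSL code: confirm an s_client session negotiated the
# expected ECC suite and that the server certificate actually verified.

# check_session SUITE   (reads s_client output on stdin)
# Returns 0 if both checks pass, 1 on suite mismatch, 2 on verify failure.
check_session() {
    want=$1
    out=$(cat)
    # s_client prints "Cipher    : <name>" in its SSL-Session block.
    got=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    # "Verify return code: 0 (ok)" means the chain verified; s_client does not
    # abort on other codes by default, so the code has to be checked.
    code=$(printf '%s\n' "$out" |
        sed -n 's/^ *Verify return code: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ "$got" != "$want" ]; then
        echo "FAIL: negotiated '${got:-none}', expected '$want'" >&2
        return 1
    fi
    if [ "$code" != "0" ]; then
        echo "FAIL: verify return code '${code:-missing}'" >&2
        return 2
    fi
    echo "OK: $got, certificate verified"
}

# Constructed samples of the relevant s_client lines (not captured output).
SAMPLE_OK='New, TLSv1/SSLv3, Cipher is ECDH-ECDSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDH-ECDSA-AES256-SHA
    Verify return code: 0 (ok)'
SAMPLE_UNVERIFIED='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDH-ECDSA-AES256-SHA
    Verify return code: 18 (self signed certificate)'

# Live use from the wolfSSL source tree, with the example server running as
# shown above. -CAfile supplies the CA that the bare s_client command lacks.
live_check() {
    openssl s_client -connect localhost:11111 -CAfile ./certs/server-ecc.pem \
        </dev/null 2>/dev/null | check_session ECDH-ECDSA-AES256-SHA
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_OK" | check_session ECDH-ECDSA-AES256-SHA
```

Call live_check once the example server is listening; a return value of 1 means a different suite was negotiated, and 2 means the certificate did not verify.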