Release 2.4.6 of wolfSSL is the first to include our ECC implementation publicly. Let`s look at how to get started using the ECC features. First, you`ll need to turn on ECC. With the autoconf system this is simply a configure flag:
Note the 96 different TLS cipher suites that make check verifies. You can easily use any of these tests individually, e.g., to try ECDH-ECDSA with AES256-SHA you can start our example server like this:
./examples/server/server -d -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem
-d disables client cert check while -l specifies the cipher suite list. -c is the certificate to use and -k is the corresponding private key to use. To have the client connect try:
./examples/client/client -A ./certs/server-ecc.pem
where -A is the CA certificate to use to verify the server. To have an OpenSSL client connect the wolfSSL server you could do:
openssl s_client -connect localhost:11111
since wolfSSL uses the port 11111 by default, though this can be changed with the port option -p. To allow the server to bind to any interface instead of the default localhost use the -b option. A full list of options can be seen with -?.