Hi Quanah
I tested the RE24 branch specifically for the ECC support, but the default behaviour seems to depend on the OpenSSL version.
With OpenSSL 1.0.1 (CentOS 6) and OpenSSL 1.0.2 (CentOS 7), it does not use ECC until I explicitly set a curve in oclTLSECName. There is no default value? This is contrary to expectation, most TLS enabled software enable ECC by default, based on the configured cipher string.
However with OpenSSL 1.1.1 (Arch Linux), it does work out of the box, and appears to use prime256v1,secp384r1,secp521r1 (openssl builtin default?).
But, I can only override it with a single curve, since oclTLSECName is single-valued. And colon, comma or otherwise separated is not accepted (TLS: could not use EC name `prime256v1,secp384r1,secp521r1').
OpenSSL supports multiple curves in configuration starting with 1.0.2, so I'd expect the same behaviour with 1.0.2 as with 1.1.1, not as with 1.0.1. So I'm confused, as the code seems to do nothing OpenSSL version specific.
Geert