Elliptic Curve Cryptography

Overview

Elliptic Curve Cryptography is a form of public-key cryptosystem.
Compared to currently prevalent cryptosystems, ECC offers equivalent security with a smaller key size. This conserves power, memory, and bandwidth, and reduces the computational cost.

Starting with Avi Vantage 21.1.1, Avi Vantage supports configuring Elliptic Curve Cryptography (ECC) Cipher Suites in an SSL profile.

Configuring EC Named Curve

The following named curves or groups are supported for virtual services:

  • secp256r1 (23)
  • secp384r1 (24)
  • secp521r1 (25)
  • x25519 (29)
  • x448 (30)

To configure the EC named curves (TLS Supported Groups), the field ec_named_curve is introduced in the SSL profile configuration.

By default, this field is set to auto, as shown below:


show sslprofile System-Standard

This implies that the secp256r1 (23), secp384r1 (24) and secp521r1 (25) curve groups are supported by default.

Configure x25519 and x448 as shown below:


configure sslprofile System-Standard

sslprofile> ec_named_curve P-256:X25519:X448
Overwriting the previously entered value for ec_named_curve

sslprofile> save
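
The following Python check is an added example, not part of the Avi documentation or product code. It maps an ec_named_curve value to the code points listed above and compares it with the supported_groups extension of a captured ClientHello, to show which clients can still negotiate after a profile change. The function names and sample bytes are constructed for illustration, and the profile names P-384 and P-521 are an assumption (only P-256, X25519 and X448 appear on this page).

```python
import struct

# TLS Supported Groups code points, as listed on this page.
GROUPS = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1", 29: "x25519", 30: "x448"}
# Names used in ec_named_curve. P-256, X25519 and X448 come from the CLI example;
# P-384 and P-521 are assumed to follow the same naming convention.
PROFILE_NAMES = {"P-256": 23, "P-384": 24, "P-521": 25, "X25519": 29, "X448": 30}
AUTO = [23, 24, 25]  # page: "auto" enables secp256r1, secp384r1 and secp521r1


def profile_groups(ec_named_curve):
    """Turn an ec_named_curve value into an ordered list of code points."""
    if ec_named_curve.strip().lower() == "auto":
        return list(AUTO)
    ids = []
    for name in ec_named_curve.split(":"):
        key = name.strip().upper()
        if key not in PROFILE_NAMES:
            raise ValueError(f"unsupported curve name: {name!r}")
        if PROFILE_NAMES[key] not in ids:
            ids.append(PROFILE_NAMES[key])
    return ids


def client_groups(ext_body):
    """Parse the body of a ClientHello supported_groups extension (type 10)."""
    if len(ext_body) < 2:
        raise ValueError("truncated supported_groups extension")
    (list_len,) = struct.unpack_from("!H", ext_body, 0)
    if list_len % 2 or list_len != len(ext_body) - 2:
        raise ValueError("bad supported_groups length")
    return list(struct.unpack_from(f"!{list_len // 2}H", ext_body, 2))


def usable_groups(ec_named_curve, ext_body):
    """Groups the client offers that the profile also allows, in client order."""
    allowed = set(profile_groups(ec_named_curve))
    return [GROUPS[g] for g in client_groups(ext_body) if g in allowed]


# Constructed sample: client offers x25519 (29), secp256r1 (23), secp384r1 (24).
SAMPLE_EXT = bytes.fromhex("0006" "001d" "0017" "0018")
# Constructed sample: client offers only x25519 (29) and x448 (30).
MODERN_ONLY = bytes.fromhex("0004" "001d" "001e")

if __name__ == "__main__":
    print(usable_groups("auto", SAMPLE_EXT))
    print(usable_groups("P-256:X25519:X448", SAMPLE_EXT))
    print(usable_groups("auto", MODERN_ONLY))
```

An empty result means the client and the profile share no group, so an ECDHE handshake cannot complete. With the constructed x25519/x448-only client this happens under the default auto setting.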

Document Revision History

Date              Change Summary
August 06, 2021   Created the article for Elliptic Curve Cryptography (Version 21.1)