This section explains the steps to configure the EC named curve.

Elliptic Curve Cryptography is a public-key cryptosystem that offers equivalent security with a smaller key size than currently prevalent cryptosystems. This results in conserving power, memory, bandwidth, and the resultant computational cost.

Configuring EC Named Curve

The following named curves or groups are supported for virtual services:

  • secp256r1 (23)

  • secp384r1 (24)

  • secp521r1 (25)

  • x25519(29)

  • x448(30)

To configure the EC Named curve, Named Curve (TLS Supported Groups) in SSL Profile configuration, the field configure ec_named_curve is introduced.

By default, this field is set to auto, as shown below:

show sslprofile System-Standard



This implies that the secp256r1 (23), secp384r1 (24) and secp521r1 (25) curve group is supported by default.

Configure x25519 and x448 as shown below:

configure sslprofile System-Standard

sslprofile> ec_named_curve P-256:X25519:X448
Overwriting the previously entered value for ec_named_curve

sslprofile>save