> - From what I've been able to find, this is a bit overstated.
>
> There is *one* random number algorithm (Dual_EC_DRBG) associated with
> ECC that is believed to have been compromised. That it appeared

is compromised: http://blog.0xbadc0de.be/archives/155

> vulnerable has long been known; Bruce Schneier wrote about it in 2007.
> It also happens to be inefficient and so is not widely used (but a few
> commercial products use it).
>

Apache uses it in some rare cases like 'apache2 uses NID_X9_62_prime256v1 for the ECDH exchange'

My idea is to enable EC on CentOS due to PFS and better encryption levels

--
Eero