ECC COMPATIBILITY
 

ECC is short for Elliptic Curve Cryptography and is an alternative approach to public key cryptography over other standards such as RSA. Read our ECC article for more information. The tables below cover ECC compatibility across different browsers, operating systems, and platforms.

Note that there are different curves within ECC and the compatibility tables below only apply to the NIST approved prime-curves P-256 and P-384 which are also supported by TRUSTZONE.

Also note that for some servers and libraries, the minimum version may not be the same across all platforms. For example, while OpenSSL added support for ECC in 0.9.8, not all servers and operating systems leveraging OpenSSL were compiled with this support enabled. CentOS enabled ECC in OpenSSL starting with version 6.5. Another example is Ubuntu 12.04 LTS enabled ECC support in Apache 2.2.22-1ubuntu1.9.

OPERATING SYSTEM SUPPORT 
Operating System Minimum Version Required
Apple OS X [1] OS X 10.6
Google Android 4.0
Microsoft Windows [2] Windows Vista
Red Hat Enterprise Linux [3] 6.5
BROWSER SUPPORT 
Browser Minimum Version Required
Apple Safari 4 (On ECC compatible OS)
Google Chrome* 1.0 (On ECC compatible OS)
Microsoft Internet Explorer** 7 (On ECC compatible OS)
Mozilla Firefox*** 2.0

*Chrome utilises the cryptographic libraries of the operating system on which it is installed. As a result, Chrome 1.0 can process ECC certificates on Windows Vista+ but not on Windows XP.

**Internet Explorer utilises Windows system libraries for cryptographic functions. As a result Internet Explorer 7 on Windows XP will not support ECC, but will support on Windows Vista+ / Server 2008+.

***Mozilla Firefox utilises the NSS (Network Security Services) libraries to handle cryptographic functions like SSL, TLS, and certificate validation independent of the operating system's cryptographic libraries. This means Firefox 2.0+ will handle ECC certificates even on operating systems that do not natively support ECC such as Windows XP.

SERVER SUPPORT
Server Minimum Version Required
Apache HTTP Server [4] 2.2.26
Apache Tomcat [5] 1.1.30
Dovecot [6] 2.2.5
IBM HTTP Server [7] 8.0+ w/PM80235
NGINX [8] 1.1.0
Windows Server [2] 2008
LIBRARY SUPPORT
Library Minimum Version Required
Bouncy Castle [9] 1.04
GnuTLS [10] 2.99.2
Java [11] JDK 5
NSS [12] 3.8
Open SSL [13] 0.9.8
Open SSL FIPS Object Module [14] FIPS Object Module 2.0 (Open SSL 1.0.1)
SOURCES

[1] Snow Leopard Security Configuration
[2] Cryptography Next Generation
[3] RHEL 6.5 Release Notes
[4] Apache 2.2 Changelog
[5] Tomcat Release Notes
[6] Dovecot News 2.2.5 Released
[7] IBM PM80235
[8] NGINX Changelog
[9] Bouncy Castle – ECC Key Pair Generation
[10] GnuTLS Changelog
[11] JDK 5 – ECC Support
[12] Bug 195135 – Add support for Elliptic Curve Cryptography to NSS & SSL?
[13] OpenSSL 0.9.8 Release Notes
[14] ECC & OpenSSL Version