You can generate a raw RSA key on a host using the ipsec newhostkey command. You can list generated keys by using the ipsec showhostkey command. The leftrsasigkey= line is required for connection configurations that use CKA ID keys. Use the authby=rsasig connection option for raw RSA keys.
For example, you can generate X.509 certificates using the openssl command and the NSS certutil command. Because Libreswan reads user certificates from the NSS database using the certificates' nickname in the leftcert= configuration option, provide a nickname when you create a certificate.
Starting with lighttpd version 1.4.29 Diffie-Hellman and Elliptic-CurveDiffie-Hellman key agreement protocols are supported. By default, elliptic curve"prime256v1" (also "secp256r1") will be used, if no other is given. To selectspecial curves, it is possible to set them using the configuration optionsssl.dh-file and ssl.ec-curve.
Instead of using the IIS Crypto Tool the configuration can be set using theWindows Registry. The following Registry keys apply to the newer Versions ofWindows (Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server2012 and Windows Server 2012 R2). For detailed information about the olderversions see the Microsoft knowledgebase articleHow to restrict the use of certaincryptographic algorithms and protocols in Schannel.dll. 2b1af7f3a8