# Elliptic Curve Cryptography

Java supports all DHE-RSA related SSL cipher suites, but uses different names than OpenSSL.

Elliptic Curve Cryptography (ECC) is an encryption
technique that provides public-key encryption similar to RSA. While
the security strength of RSA is based on very large prime numbers,
ECC uses the mathematical theory of elliptic curves and achieves the
same security level with much smaller keys.

The mathematical background
of ECC is described in RFC 6090:

```
http://tools.ietf.org/html/rfc6090
```

The use of ECC in SSL/TLS is described in RFC 4492.`http://tools.ietf.org/html/rfc4492`

In
practice, ECC is often used with Diffie-Hellman to speed up performance.
ECC does not replace RSA for authenticating the communication partners,
but is used for generating the ephemeral DH session key with the help
of an EC private key. RSA is still used for providing authentication.
The related SSL cipher suites all have ECDHE-RSA in their names and
complement the plain DHE-based cipher suites.The main advantage of Elliptic Curve Cryptography with Diffie-Hellman (ECDHE-RSA) over plain Diffie-Hellman (DHE-RSA) is better performance and the same level of security with less key bits. A disadvantage is the additional effort for creating and maintaining the EC key.

The next section shows how to set up and use ECDHE-RSA on z/VSE.