Apache supports ECC Certificates and Protocols as of version 2.2.26. Though if you are using an Apache server from a distro's repository it may be the same version. Ubuntu for example added support in version 2.2.22-1ubuntu1.9.
If you have a version that supports ECC certificates, it should be enabled by default. Assuming you're using OpenSSL, the commands to generate an ECC key and CSR are:
ECC P-256 Key:
openssl ecparam -out server.key -name prime256v1 -genkey
ECC CSR:
openssl req -new -key server.key -out server.csr
The installation steps for ECC certs in Apache are identical to RSA. You'd still specify the public key entry, private key entry, and the relevant intermediates. Just double check that your CA supports the issuance of ECC certificates. You can double check ECC compatibility to address any concerns with connecting clients.
Best Answer
EventSource
should be fine with mod_proxy, sinceEventSource
is less complex in communications and runs on your Application layer (HTML), as long as you enable persistent connections (Keep Alives).I've found a fair bit of issues with WebSockets over proxies, particularly over large corporate networks, which employ proxy routers that don't allow persistent connections, so you might find this may also have an impact for any live communication. A
Comet
fallback (then AJAX polling) might be a good backup plan just in case.If you're looking for a way to push live server events and only need the one-way communication, you should check out Pusher or some sort of polyfill for backward support. :)
Hope that helps.