While transport model for TLS mainly supports RSA and EC algorithms for private keys (see ietf-crypto-types) the netconf-keystore implementation is only able to serve RSA and DSA algorithms when parsing private key binaries (see DefaultSslHandlerFactoryProvider). 

It seems reasonable to add support for EC algorithm to DefaultSslHandlerFactoryProvider for consistency.