Peter Djalaliev wrote: > In the SSL_ImplementedCiphers data structure in sslenum.c, I don't find > any cipher suites that use non-ephemeral Diffie-Hellman key exchange > that doesn't involve elliptic curve cryptography. > > In particular, the cipher suites I am interested in are: > > SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA and > SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA > > Is it really the case that NSS implements only ephemeral DH cipher > suites? If yes, why is that the case?
We don't implement any of the "anon" suites as a matter of policy. That is, we've decided that the anon suites are not appropriate for the security of our client and server programs. We didn't implement SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA (IIRC) because there was no apparent demand, whereas there was definite demand for DHE. DHE offers "perfect forward secrecy" and costs little/no more computation effort than DH, so it seems superior in all respects. I'm not aware of ANY CA that offers certs containing DH pub keys. Are you? -- Nelson B _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto