Hi Michael,

Thanks for the very detailed answers. This will surely help me to investigate further.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <michael.woj...@microfocus.com> wrote:

> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich via openssl-users
> > Sent: Wednesday, December 06, 2017 08:50
>
> > You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are
> > vulnerable to another.
>
> If you reuse keys, yes; but you still get PFS if you only reuse the same group and generate ephemeral keys (assuming sufficient group strength, where "sufficient" depends on the size of the group and its value to well-resourced attackers). I thought that was what the original poster was asking about.
>
> > Why are you using DH? Unless you have compelling reasons (interop with legacy), you really should use ECDHE.
>
> Interop would be the usual reason. And since supporting DHE properly is a small fixed cost (generate a group or pick one from RFC 7919, hard-code it, and set it in each SSL_CTX), you might as well do it, no?
>
> But I agree that the ECDHE suites are generally preferable when the client supports them. I know there's some NSA FUD around ECC since they pulled it from the Suite B recommendations in 2015.[1] I still think the published evidence supports using ECC, though. On the other hand, and per today's other thread on the subject, there may be legal concerns around the use of ECC.
>
>
> [1] Matt Green has a nice discussion of this, including a link to the great paper Koblitz and Menezes wrote about it, here: https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
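The distinction drawn in the thread between reusing a DH group and reusing DH keys, as an added example that is not part of any message above and is not OpenSSL code: a Python model that derives the RFC 7919 ffdhe2048 prime from its defining formula, runs several handshakes over that one group, and counts how many recorded sessions a server key held at the end would expose. All function names and the simulated sessions are constructed for illustration.

```python
import hashlib
import secrets

def ffdhe2048():
    """RFC 7919 ffdhe2048: p = 2^2048 - 2^1984 + ([2^1918*e] + 560316)*2^64 - 1, g = 2."""
    guard = 64                              # extra bits absorb rounding in the series
    term = total = 1 << (1918 + guard)      # k = 0 term of e = sum(1/k!)
    k = 0
    while term:
        k += 1
        term //= k
        total += term
    e_scaled = total >> guard               # floor(2^1918 * e)
    return 2**2048 - 2**1984 + (e_scaled + 560316) * 2**64 - 1, 2

P, G = ffdhe2048()                          # the one hard-coded group every session shares

def keypair():
    x = secrets.randbelow(P - 3) + 2        # private exponent in [2, P-2]
    return x, pow(G, x, P)

def session_key(priv, peer_pub):
    if not 2 <= peer_pub <= P - 2:          # reject degenerate public values
        raise ValueError("peer public value out of range")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(256, "big")).digest()

def run_sessions(n, reuse_server_key):
    """Simulate n handshakes (constructed); return (transcripts, server keys still held)."""
    static = keypair() if reuse_server_key else None
    transcripts, held = [], []
    for _ in range(n):
        s_priv, s_pub = static or keypair() # fresh server key unless reusing
        c_priv, c_pub = keypair()
        key = session_key(s_priv, c_pub)
        if key != session_key(c_priv, s_pub):
            raise RuntimeError("handshake mismatch")
        transcripts.append((c_pub, s_pub, key))
        held = [s_priv]                     # older ephemeral keys are discarded
    return transcripts, held

def exposed(transcripts, leaked_privs):
    """Count recorded sessions whose key follows from the leaked server keys."""
    return sum(
        any(pow(G, x, P) == s_pub and session_key(x, c_pub) == key for x in leaked_privs)
        for c_pub, s_pub, key in transcripts
    )

if __name__ == "__main__":
    for reuse in (False, True):
        t, held = run_sessions(4, reuse)
        print("reuse server key:", reuse, "-> exposed:", exposed(t, held), "of", len(t))
```

With the same group in both runs, only the session whose ephemeral key is still in memory is exposed, while a reused server key exposes every recorded session.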