Conceptually, I'm trying to understand when I need to install DH parameters if I'm using RSA certificates, using gnutls_certificate_set_dh_params(). I understand that DH parameters are required when using DH server certs, but I've got a bunch of test code (an internal testsuite) that uses RSA certs, with gnutls on both the client and server side, setting up TLS sessions in various ways -- installing a certificate up front, on the server side, or using a callback to return a certificate for particular TLS session, etc.

I find that sometimes I can get through a handshake without loading DH parameters, other times handshake fails unless I install them. As far as I can see that's the only major difference between my code that works without DH parameters, and the one that fails to handshake unless DH parameters are installed. Am I on the right track, or are there also other situations?

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls