----- Original Message -----
From: "john easton" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, January 19, 2000 5:51 PM
Subject: HELP! Diffie-Hellman Key Exchange

> Hello,
>
> I have recently set up Apache 1.3.9 with mod_ssl 2.4.10. All that
> worked great and I am able to connect to the encrypted site through my
> browser etc etc.
>
> I do not want to use certificates. It is my understanding that in order
> to run an encrypted site without certificates, it is necessary to use
> Diffie-Hellman key exchange. I have done this (make certificate,
> specifying 'D' at the first prompt), and I have changed my
> SSLCipherSuite directive to the following in order to allow
> Diffie-Hellman ciphers (I think!)
>
> SSLCipherSuite ALL:!RSA:DH:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP
>
> Neither Netscape 4.7 nor IE5 can connect to the web server under these
> conditions, although both claim to support SSLv3 (which Diffie-Hellman
> is a part of, I believe). I know it's possible to run a secure web
> server without certificates as I have been to numerous sites which do
> so.
>
> Can anyone tell me what I'm doing wrong here?
>
> Thanks in advance,
>
> John Easton
> Back Office Team,
> NrG Information Services Inc.
> Calgary, Alberta
> (403)974-1318
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
It may not be enough. I think you need to edit the SSL.H file. The default
define in the ssl.h file is to disable ADH.

lin geng