Hi,

I have a question about temporary keys. Is it safe to pre-generate an RSA key and DH params for temporary key purposes and then use the same as long as the server stays up? What is a simple and secure policy for doing this?

The SSL spec says that you should ideally change the keys every few hundred connections. But in mod_ssl 2.4.2-1.3.9 it seems the server uses the same keys throughout. For DH params (even though they are hard-coded) it seems OK, as it generates a new key every time during the handshake, but for RSA it will keep using the same key for each handshake. Using the same RSA key definitely cuts down handshake time, but does that make it vulnerable to attacks?

Thanks,
Amit.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
