Peter Djalaliev wrote:
> In the SSL_ImplementedCiphers data structure in sslenum.c, I don't find
> any cipher suites that use non-ephemeral Diffie-Hellman key exchange
> that doesn't involve elliptic curve cryptography.
> In particular, the cipher suites I am interested in are:
> Is it really the case that NSS implements only ephemeral DH cipher
> suites?  If yes, why is that the case?

We don't implement any of the "anon" suites as a matter of policy.
That is, we've decided that the anon suites are not appropriate for
the security of our client and server programs.

We didn't implement SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA (IIRC) because
there was no apparent demand, whereas there was definite demand for
DHE.  DHE offers "perfect forward secrecy" and costs little/no more
computation effort than DH, so it seems superior in all respects.
I'm not aware of ANY CA that offers certs containing DH pub keys.
Are you?

Nelson B
mozilla-crypto mailing list

Reply via email to