Joerg Bartholdt <[EMAIL PROTECTED]>:
> I'm currently scanning what CipherSuites OpenSSL can do and measuring the
> performance. But I did not succeed in using any DH-cipher, because
> the matching of what ciphers my program can do and the required cipher
> does not work correctly.

The application has to provide the DH parameters; they are not created
automatically. Look at mod_ssl for example.

> I set for example ADH-DES-CBC3-SHA for client and server as the only
> cipher to use, but ssl3_choose_cipher fails, because the algorithms & mask
> fails: SSL_kDH is not available with the RSA certificate my programs
> load by default.
> As far as I know, anonymous DH does not need any kind of certificate, [...]

Anonymous DH is disabled by default; there's a compile-time option to
use it. Expect changes in some future version of OpenSSL.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]