Deva Seetharam wrote:
>
> Hi
> I am trying to use
> Kx=DH Au=DH Enc=3Des Md=SHA1.
>
> For a DOMESTIC(USA) application,we are trying
> to use DH for both key exchange and authentication,
> 3Des for cipher and SHA1 for message digests.
>
> So, I tried this:
> openssl ciphers -v
> "!RSA:!EXP:!aRSA:!aNULL:kEDH:aDH:3DES:SHA1"
>
> and I get the output:
> EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
> EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
>
> Does it mean that I can't use DH for authentication?
No you can't use DH for authentication. For that you need DH
certificates which OpenSSL doesn't support.
I'm not aware of any library that does support the static DH
ciphersuites.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
