Hi!
I made a small modification to s3_clnt.c to support reusing the ephemeral
Diffie-Hellman key on client side.
I have a centrally managed system with many servers and single client
which communicate using SSL. I use EDH ciphers to ensure PFS and all
servers use the same set of Diffie-Hellman parameters. Client will connect
to all servers on startup. During SSL handshake server sends his DHparams
to client and client will generate different key for every server. This
is quite expensive and will hang client for minute or so.
But since client knows the DH parameters he can pregenerate single DH key
for all servers and when parameters sent by server match the parameters of
the pregenerate key use it.
I have attached diff to s3_clnt.c which allows one to use
SSL_CTX_set_tmp_dh on client side.
Arne
patchs3
