Hi Vadim,

Vadim Fedukovich wrote:
>> For a research project I'm working on, I want to use OpenSSL with
>> ADH-DES-CBC3-SHA (TLSv1). This means I want to use neither a
>> server-side nor a client-side certificate; and the pre-master
>> secret shall be established via Diffie-Hellman key exchange.
>>
>> I understand that the current implementation of SSL_CTX_set_tmp_dh
>> (SSL_CTX *ctx, DH *dhkey), which I'm using to set the DH private
>> and public key, ignores any existing keys in dhkey->priv_key and
>> dhkey->pub_key, and uses only the DH key generation parameters
>> (prime and generator) from this structure. Looks like it generates
>> random DH keys on its own.
>
> A callback is available, to set DH key. See
> ssl3_send_server_key_exchange() around s->cert->dh_tmp_cb() for
> details.
>
> That is, one can set this callback instead of SSL_CTX_set_tmp_dh()

Thanks for the info. However, the callback is called on the server side only. Any idea about the client side?

If not, it's progress anyway. It's probably easier for me to activate the callback on the client side than to fiddle around with the implementation of SSL_CTX_set_tmp_dh.

Michael
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
