[[EMAIL PROTECTED] - Thu Nov 14 18:54:19 2002]: > > RFC 2246 is very vague: > > """ > 8.1.2. Diffie-Hellman > > A conventional Diffie-Hellman computation is performed. The > negotiated key (Z) is used as the pre_master_secret, and is > converted > into the master_secret, as specified above. > """ > > [looks like this was copied directly from Netscape's SSLv3 docs] > > What "conventional" is supposed to mean in this case is totally > unclear to > me. If I read this with no other knowledge, I would probably assume > conventional == compatible with PKCS #3, since that was the DH > standard of > choice around the time SSLv3 came out, and since Netscape probably > used > B-SAFE for the initial SSL implementations. OTOH, who knows? >
None of the older version of Netscape implemented DH ciphersuites, dunno if any of their internal stuff ever did though. I did add EDH client only ciphersuite support to later versions of NSS which may be in some versions of Mozilla. It never had any interop problems with OpenSSL (other than a known issue with SSLv3 and DSS signature format). I could just have been lucky (or arguably unlucky). That uses their own internal security library, not sure what it does though. I'll dig out the NSS source and see if I can work out if it does the same as us. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
