hey folks--

I'm working on a set of patches that will hopefully normalize the
terminology for PFS key exchange within OpenSSL to the terms that the
rest of the world uses.  (Keeping backward compatibility is one of my
goals too, of course).

In particular, I'm concerned that when the rest of the world (including
the TLS RFCs) talk about DHE and ECDHE, OpenSSL sometimes (but not
always!) talks about EDH and EECDH.  PFS is confusing enough without
this.

I note that ssl/tls1.h says:

   561  /* XXX
   562   * Inconsistency alert:
   563   * The OpenSSL names of ciphers with ephemeral DH here include the string
   564   * "DHE", while elsewhere it has always been "EDH".
   565   * (The alias for the list of all such ciphers also is "EDH".)
   566   * The specifications speak of "EDH"; maybe we should allow both forms
   567   * for everything. */
I'm unclear particularly about line 566.  Which specifications speak of "EDH"?

RFC 2246 (TLS 1.0), RFC 4346 (TLS 1.1), and RFC 5246 (TLS 1.2) all say
only DHE, and never mention EDH.

The retrospective RFC 6101 (SSL 3.0) also mentions DHE but not EDH.

So which specifications does line 566 refer to?

   --dkg
