The relevant RFCs and other implementations refer to Diffie-Hellman
ephemeral key exchange as "DHE" (and its elliptic curve variant as
"ECDHE").  OpenSSL uses this terminology in some places, but it also
uses "EDH" and "EECDH" in others.  This confusion makes selecting
these key exchange mechanisms harder for administrators to understand.

For example, there is a ciphersuite that openssl calls
EDH-RSA-DES-CBC3-SHA, and another one called DHE-RSA-AES128-SHA, whose
only difference is the choice of the cipher.

Another example is that "openssl ciphers -v EECDH" emits no
ciphersuites named with "EECDH" in them, but rather produces all
"ECDHE" strings.  And "openssl ciphers -v ECDHE" fails with "Error in
cipher list".

I posted a series of 10 changesets to openssl-dev which standardizes
OpenSSL's input, API, and output on the standard names (DHE and ECDHE)
while retaining backward compatibility for string input and API for the
older EDH and EECDH terminology.

See: Message-ID:
<1387528669-26823-1-git-send-email-...@fifthhorseman.net>, e.g. at
http://thread.gmane.org/gmane.comp.encryption.openssl.devel/23577/focus=23579
and following messages in that thread.

    --dkg

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
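
An added example, not part of the original message or of OpenSSL: a small audit helper that flags the legacy EDH/EECDH spellings in configured cipher strings and rewrites them to DHE/ECDHE so that equivalent settings compare equal. The function names and sample settings are assumptions made for illustration; the kEDH/kEECDH keywords come from the OpenSSL ciphers documentation rather than from the message.

```python
import re

# Legacy OpenSSL spelling -> RFC spelling. EDH and EECDH are the aliases the
# message names; the k-prefixed key-exchange keywords are included as well.
LEGACY_TO_STANDARD = {
    "EDH": "DHE",
    "EECDH": "ECDHE",
    "kEDH": "kDHE",
    "kEECDH": "kECDHE",
}

# Suite names and cipher-string keywords are alphanumeric runs joined by
# '-', '+', ':', '!', ',' or spaces, so matching whole runs never rewrites a
# substring of another name (AECDH, for instance, is left alone).
_TOKEN = re.compile(r"[A-Za-z0-9]+")


def legacy_terms(cipher_string):
    """Return the legacy tokens found, in order of appearance."""
    return [t for t in _TOKEN.findall(cipher_string) if t in LEGACY_TO_STANDARD]


def normalize(cipher_string):
    """Rewrite legacy tokens to the standard spelling; leave the rest as is."""
    return _TOKEN.sub(lambda m: LEGACY_TO_STANDARD.get(m.group(0), m.group(0)),
                      cipher_string)


def audit(configured):
    """Map each setting name to (legacy tokens found, normalized string)."""
    return {name: (legacy_terms(value), normalize(value))
            for name, value in configured.items()}


# Constructed sample settings, not taken from any real deployment.
SAMPLE = {
    "web": "EECDH+AESGCM:EDH+AESGCM:!aNULL",
    "mail": "DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA",
    "ldap": "ECDHE+AESGCM:!aNULL",
}

if __name__ == "__main__":
    for name, (found, fixed) in audit(SAMPLE).items():
        status = "legacy: " + ", ".join(found) if found else "standard names only"
        print(f"{name}: {status}\n  -> {fixed}")
```

The normalized string is meant for comparison and reporting; as the message notes, an OpenSSL build without the proposed changes rejects "ECDHE" as a cipher-list keyword, so check what the deployed version accepts before writing it back to a configuration.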
