The relevant RFCs and other implementations refer to Diffie-Hellman
ephemeral key exchange as "DHE" (and its elliptic curve variant as
"ECDHE").  OpenSSL uses this terminology in some places, but it also
uses "EDH" and "EECDH" in others.  This confusion makes selecting
these key exchange mechanisms harder for administrators to understand.

For example, there is a ciphersuite that openssl calls
EDH-RSA-DES-CBC3-SHA, and another one called DHE-RSA-AES128-SHA, whose
only difference is the choice of the cipher.

Another example is that "openssl ciphers -v EECDH" emits no
ciphersuites named with "EECDH" in them, but rather produces all
"ECDHE" strings.  And "openssl ciphers -v ECDHE" fails with "Error in
cipher list".

I posted a series of 10 changesets to openssl-dev which standardizes
OpenSSL's input, API, and output on the standard names (DHE and ECDHE)
while retaining backward compatibility for string input and API for the
older EDH and EECDH terminology.

See: Message-ID:
<>, e.g. at
and following messages in that thread.
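An added illustration, not part of the original message or of the OpenSSL changesets: a small audit helper that recognizes ephemeral key exchange in a cipher string under either spelling and rewrites EDH/EECDH to DHE/ECDHE. The function names and the sample string are constructed for this example, and the parsing is simplified to ':'-separated elements.

```python
import re

# Legacy OpenSSL spelling -> standard (RFC) spelling, as named in the message.
LEGACY = {"EDH": "DHE", "EECDH": "ECDHE"}

# Constructed sample cipher string mixing both spellings.
SAMPLE = "EECDH+AESGCM:EDH-RSA-DES-CBC3-SHA:DHE-RSA-AES128-SHA:!aNULL:AES128-SHA"


def normalize_name(name):
    """Rewrite legacy components in one suite name or keyword."""
    # '+' joins keywords (EECDH+AESGCM); '-' joins parts of a suite name.
    return re.sub(r"[^+-]+", lambda m: LEGACY.get(m.group(), m.group()), name)


def split_element(element):
    """Split a cipher-string element into (operator prefix, name)."""
    if element[:1] in ("!", "-", "+"):
        return element[0], element[1:]
    return "", element


def normalize_cipher_string(cipher_string):
    """Return the cipher string with EDH/EECDH rewritten to DHE/ECDHE."""
    out = []
    for element in cipher_string.split(":"):
        op, name = split_element(element)
        out.append(op + normalize_name(name))
    return ":".join(out)


def ephemeral_elements(cipher_string):
    """List (element, key exchange, used_legacy_spelling) for each element
    that selects ephemeral DH under either spelling; exclusions are skipped."""
    found = []
    for element in cipher_string.split(":"):
        op, name = split_element(element)
        if op in ("!", "-"):
            continue
        std = normalize_name(name)
        parts = re.split(r"[+-]", std)
        # Check ECDHE first so the two key exchanges are reported distinctly.
        for kx in ("ECDHE", "DHE"):
            if kx in parts:
                found.append((element, kx, std != name))
                break
    return found
```

A plain substring search for "DHE" misses EDH-RSA-DES-CBC3-SHA and also matches every ECDHE entry, which is why the helper compares whole name components after normalizing.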

