>> In order to use DH-RSA-DES-CBC3-SHA or >> DH-DSS-DES-CBC3-SHA ciphers, how can I: >> >> 1. generate a private key? >> 2. request a CSR? >> 3. sign that CSR using demoCA? > >The EDH-RSA-DES-CBC3-SHA cipher is using ephemeral DH keys with RSA >authentication, so you can stay with the normal RSA keys you already >have(?). >Additionally, your code must have a temporary DH key available. >Based on the list of ciphers the client presents, the first cipher the >OpenSSL based server suppports is used. >If the EDH ciphers are listed early, they are used. Thanks for your answer, but I don't know how to sign a DH parameters so it can be used for DH key exchange... (I am really a newbe :-) ) PS. do you have openssl-novice-users mailing list? maybe I should ask there :-) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
