Cory Winter wrote:
> 
> Hi,
> 
> First thanks for the responses with my other posts. All the feedback has been
> very informative and helpful!
> 
> I was wondering if there was something *special* that needed to be done when
> creating certificates to be used with the SSL_DH_* ciphers. The reason I ask
> is because I have created a test client which can negotiate all ciphers with
> a test server except the fixed diffie ciphers. These ciphers cause the
> handshake to fail. Do I need to add DH info to the certificate/key upon their
> creation?
> 

There's a simple answer: OpenSSL doesn't support the fixed DH cipher
modes nor the use of DH keys in certificates.

I've never found an implementation of the fixed DH cipher suites and DH
certificates are almost non-existent.

If you are mainly interested in using the "RSA free" cipher suites then
they are supported. You need a DSA certificate and a set of DH
parameters (not a DH key or certificate).

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
