Hi, I have some questions on ephemeral keying.

1. In the man page for SSL_CTX_set_tmp_dh_callback, the example shows that the same params are used for all connections. Is it safe?
2. I have seen the man page for dhparam. The generators can be 2 or 5. Why are only two generators used? Which one is preferred out of 2 and 5?
3. I have seen some implementations like PostgreSQL hard coding the DH params in case a file generated using dhparam is not available. Is it safe to do it?
4. Will the callback supplied to SSL_CTX_set_tmp_rsa_callback be called for each connection, or will it be called only once in the lifetime of the application? If it is called only once, then does it mean the same key is used for all connections? The example in the man page for SSL_CTX_set_tmp_rsa_callback shows that the key is generated only one time.
5. The man page for SSL_CTX_set_tmp_rsa_callback says that we need to seed the PRNG. How do we do that typically?

Thanks
JB
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]