Jagannadha Bhattu wrote:
> 1. If we do not set SSL_OP_SINGLE_DH_USE then the same public and private keys are used for all connections? If so, how can this provide security at all, as one client can decrypt other clients' messages?

Different clients would get different common DH secret values. That is, the client's public DH key to the power of the server's private key.

> 2. Is it required to seed the random number generator whenever we use SSL? Or only in cases where it is explicitly asked, such as in the documentation of RSA_generate_key?

It's reasonable to seed any time your application has some hard-to-predict data.

> 3. According to my understanding, SSL private key and public key are RSA keys and for ephemeral keying we can use another set of RSA keys or with the key generated by DH params. Let me know if my understanding is wrong. If this is the case then in the supported

An ephemeral key is required if the SSL server key can only be used for signing, say DSA. RSA can be used without ephemeral keys because the SSL server can decrypt the client's secret with RSA.

> ciphers list that we get with the command "openssl ciphers -v 'ALL'", I see 3 fields: key exchange (Kx), Authentication (Au) and Encryption (Enc). What is the meaning of all these fields? At what phase of the SSL protocol do all these things come into the picture and how do they work? Where can I get detailed documentation about all these?

The SSL/TLS1 specifications could be something to start from.

> Thanks
> JB

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
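The answer to question 1 above, worked through as an added example that is not part of the original thread and is not OpenSSL code: with a reused server DH key, each client still ends up with its own shared secret, and one client's private key does not yield another client's secret. The group `P`/`G` (a constructed toy modulus, not a production parameter set), the `Server` class and all helper names are assumptions made for illustration; `single_dh_use` only models what SSL_OP_SINGLE_DH_USE changes.

```python
import secrets

# Toy group, constructed for this illustration only: a 127-bit Mersenne prime
# is far too small for real use. A real server loads proper DH parameters.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(peer_pub, own_priv):
    """DH shared secret: peer's public key to the power of own private key."""
    return pow(peer_pub, own_priv, P)

class Server:
    """Hypothetical server model; single_dh_use mimics SSL_OP_SINGLE_DH_USE."""
    def __init__(self, single_dh_use):
        self.single_dh_use = single_dh_use
        self.key = keypair()

    def handshake(self, client_pub):
        if self.single_dh_use:
            self.key = keypair()          # fresh DH key for every connection
        priv, pub = self.key
        return pub, shared(client_pub, priv)

def connect(server):
    """One client handshake; returns the values each side ends up holding."""
    c_priv, c_pub = keypair()
    s_pub, s_secret = server.handshake(c_pub)
    return {"client_priv": c_priv, "client_pub": c_pub, "server_pub": s_pub,
            "client_secret": shared(s_pub, c_priv), "server_secret": s_secret}

def demo(single_dh_use):
    server = Server(single_dh_use)
    a, b = connect(server), connect(server)
    # Client B holds only public values plus its own private key; combining
    # them with A's public value does not reproduce A's session secret.
    b_guess = shared(a["client_pub"], b["client_priv"])
    return {"same_server_pub": a["server_pub"] == b["server_pub"],
            "a_agrees": a["client_secret"] == a["server_secret"],
            "b_agrees": b["client_secret"] == b["server_secret"],
            "secrets_differ": a["client_secret"] != b["client_secret"],
            "b_learns_a_secret": b_guess == a["client_secret"]}

if __name__ == "__main__":
    for mode in (False, True):
        print("SSL_OP_SINGLE_DH_USE" if mode else "reused server key", demo(mode))
```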