Hi
I have to interface with a client running
TLS_RSA_WITH_3DES_EDE_CBC_SHA1. My Questions are:
1) Which part in my Server's program dictate using this
TLS_RSA_WITH_3DES_EDE_CBC_SHA1,
beside calling TLSv1_method ?? It seem to me the certificate will
dictate what Asymmetric/symmetric/hash
... will be used. Is it correctly ???
2) For Ephemeral keying, because DH is not involved at all, so that the
ephemeral Diffie-Hellman is not an option. It forces me to add in server
initialization routine something like :
SSL_CTX_set_options(ctx,
SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_EPHEMERAL_RSA)
RSA *rsa;
rsa=RSA_generate_key(2048,RSA_F4,NULL,NULL);
if (!SSL_CTX_set_tmp_rsa(SSL_context,rsa)){
ExitPostmaster(1);
}
RSA_free(rsa);
IS THAT ALL in Server side ???
3) What happen if my client had RSA with less that 2048 bit ?? For me,
it does not matter ( e.g. not break any connection) because in RSA case,
the client will use Server Ephemeral key to encrypt the Pre-Master key.
Is it correctly ???
Please help. I am still on learning mode.
TD
