After much head scratching, I tracked down the issue to the negotiated cipher suite. I had left in a cipher suite that didn't have DH support, so it ended up picking the one that didn't support DH (only one in common).
Bruce

On Wed, May 7, 2008 at 1:39 PM, Bruce Keats <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am implementing a server that accepts connections from clients over SSL.
> I am using Fedora Core 7 which comes with openssl 0.9.8b. I create an SSL
> CTX and I disable the SSL session cache (SSL_CTX_set_session_cache_mode),
> set the SSL_OP_SINGLE_DH_USE flag (SSL_CTX_set_options) and set up the DH key
> gen callback function (SSL_CTX_set_tmp_dh_callback). After the
> BIO_do_accept, I create a new SSL object from the SSL CTX and associate the
> SSL object with the BIO. The problem is that the callback function never
> seems to be called.
> Is there something else I need to do to get the SSL connection to use DH?
>
> Thanks,
> Bruce
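The failure mode in this thread (a leftover non-DH suite being the only one the client shares, so the tmp_dh callback is never reached) can be caught before deployment by expanding the cipher string and checking the key exchange of every suite it enables. The following is an added example, not code from the thread or from OpenSSL; it uses Python's ssl module, which parses the same cipher-string syntax as SSL_CTX_set_cipher_list(), so the string destined for the C server can be audited here. The cipher strings, the stand-in client list, and the assumption that the server's preference order decides the negotiated suite are all constructed for illustration; only TLS 1.2 and earlier suites are considered, since the tmp_dh callback belongs to that handshake.

```python
"""Audit an OpenSSL cipher string for suites that bypass ephemeral DH.

Added example, not code from the original mailing-list thread. Python's ssl
module parses the same cipher-string syntax as SSL_CTX_set_cipher_list(), so
the string destined for the C server can be checked here before deployment.
Only TLS 1.2 and earlier suites are considered: the tmp_dh callback is a
pre-TLS-1.3 mechanism, and TLS 1.3 always uses ephemeral key exchange.
All cipher strings below are constructed for illustration.
"""
import ssl

# Key-exchange labels reported by SSLContext.get_ciphers() (OpenSSL's kx NIDs).
FINITE_FIELD_DHE = "kx-dhe"
EPHEMERAL_KX = {"kx-dhe", "kx-ecdhe"}


def enabled_suites(cipher_string):
    """Expand a cipher string into the TLS <= 1.2 suites it enables, in
    preference order, as (name, kea) pairs. Raises ssl.SSLError if the
    string matches nothing, just as SSL_CTX_set_cipher_list() would fail."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [(c["name"], c["kea"]) for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def non_ephemeral_suites(cipher_string):
    """Suites whose key exchange is not (EC)DHE, e.g. static RSA. Any of
    these can be negotiated without the tmp_dh callback ever running."""
    return [name for name, kea in enabled_suites(cipher_string)
            if kea not in EPHEMERAL_KX]


def dhe_suites(cipher_string):
    """Suites that use finite-field DHE: the only ones for which the
    SSL_CTX_set_tmp_dh_callback() callback is invoked."""
    return [name for name, kea in enabled_suites(cipher_string)
            if kea == FINITE_FIELD_DHE]


def common_suites(server_string, client_string):
    """Suites both sides enable, ordered by server preference (the order
    OpenSSL uses under SSL_OP_CIPHER_SERVER_PREFERENCE). The constructed
    client string stands in for the suites a real ClientHello would offer."""
    offered = {name for name, _ in enabled_suites(client_string)}
    return [name for name, _ in enabled_suites(server_string) if name in offered]


def callback_would_run(server_string, client_string):
    """True only if the negotiated suite (first common suite in server
    order) uses finite-field DHE, i.e. the callback is actually reached."""
    common = common_suites(server_string, client_string)
    if not common:
        return False
    return common[0] in dhe_suites(server_string)


if __name__ == "__main__":
    # Reproduces the thread's symptom: the server lists a DHE suite first,
    # but a leftover static-RSA suite is the only one the client shares.
    server = "DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256"
    client = "ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256"
    print("non-ephemeral suites on server:", non_ephemeral_suites(server))
    print("suites in common:", common_suites(server, client))
    print("tmp_dh callback runs:", callback_would_run(server, client))

    # The fix from the thread: drop the non-DH suite from the server list,
    # so a client that offers DHE can only land on a DHE suite.
    fixed = "DHE-RSA-AES128-GCM-SHA256"
    dhe_client = "DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256"
    print("non-ephemeral suites after fix:", non_ephemeral_suites(fixed))
    print("tmp_dh callback runs after fix:", callback_would_run(fixed, dhe_client))
```

Running the script prints the static-RSA suite as the only suite in common for the first pair, with the callback never reached, and an empty non-ephemeral list plus a reached callback for the fixed server string. In practice the check worth keeping is `non_ephemeral_suites()` on the production cipher string: if it returns anything, some client can negotiate a handshake that never calls the DH callback, regardless of which suite the server lists first.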
