On Tue, Aug 25, 2009, Ram G wrote:
> Hi,
>
> I'm trying to use OpenSSL without certificates and authentication through
> Anonymous Diffie-Hellman key exchange. I have managed to successfully
> exchange messages between server and client by modifying some of the sample
> programs available with the source code.
>
> The salient features of the modified client and server test programs are:
> 1) Not loading certificates
> 2) Loading the DH params in the server by reading dhparams.pem
> 3) Setting the cipher to ADH-AES128-SHA on both client and server
>
> I have a question regarding the DH key exchange - don't we have to load DH
> params on the client side as well?
>
> What I have been able to gather from online sources on DH key exchange is
> that
>
> 1) Alice and Bob decide on the prime P and generator G
> 2) Alice decides on a random number X and sends G (power of X) mod P to Bob
> 3) Bob decides on a random number Y and sends G (power of Y) mod P to Alice
> 4) Both Bob and Alice can calculate the shared secret on their own
>
> In my test program, I did not do anything on the client side to generate the
> shared key.
>
> I would really appreciate it if someone can shed some light on how anonymous DH
> works in OpenSSL.
The DH parameters are supplied by the server and sent to the client during the handshake so the client doesn't need any DH parameters.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
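The exchange Steve describes, as an added example that is not part of this thread or of OpenSSL: the server loads the group (standing in for dhparams.pem), ships p, g and its public value in the unsigned ServerKeyExchange of an ADH suite, and the client, which has no DH parameters configured at all, derives the shared secret from that message alone after sanity-checking what it received. All function names and the toy 64-bit group are constructed for this illustration.

```python
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin, adequate for building a toy group (not for auditing real params)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False
    return True
def generate_dh_params(bits=64):
    """Constructed stand-in for dhparams.pem: safe prime p = 2q+1 and g of order q (toy size)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            g = pow(2 + secrets.randbelow(p - 3), 2, p)  # a square, so its order is q
            if g != 1:
                return p, g
def check_server_params(p, g, Ys):
    """Client-side checks on what arrived in ServerKeyExchange (cf. OpenSSL's DH_check)."""
    q = (p - 1) // 2
    return is_probable_prime(p) and is_probable_prime(q) and pow(g, q, p) == 1 and 2 <= Ys <= p - 2
def server_key_exchange(p, g):
    """Server: private x plus the unsigned ServerKeyExchange {p, g, Ys} of an ADH suite."""
    x = 2 + secrets.randbelow((p - 1) // 2 - 2)
    return x, {"p": p, "g": g, "Ys": pow(g, x, p)}
def client_key_exchange(ske):
    """Client: nothing configured locally; p and g are taken from the message itself."""
    p, g, Ys = ske["p"], ske["g"], ske["Ys"]
    if not check_server_params(p, g, Ys):
        raise ValueError("rejected server DH parameters")
    y = 2 + secrets.randbelow((p - 1) // 2 - 2)
    return pow(Ys, y, p), pow(g, y, p)  # (shared secret, Yc for ClientKeyExchange)
def run_anon_dh(bits=64):  # returns (server secret, client secret); they must match
    p, g = generate_dh_params(bits)
    x, ske = server_key_exchange(p, g)
    client_secret, Yc = client_key_exchange(ske)
    return pow(Yc, x, p), client_secret
```

Note that nothing here authenticates the server: the same message could come from anyone in the path, which is exactly why ADH suites give confidentiality against passive observers only.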