In the manual page for the SSL_CTX_set_tmp_dh function it is recommended to always set temporary Diffie-Hellman parameters for the server SSL_CTX, in case a client negotiates some ciphersuite which uses ephemeral DH key agreement.

Some application authors choose to not compile these parameters in, and rather require users to provide a parameter set in a file specified in the configuration. But for some setups, especially in OpenSSL 1.0, which supports EC ciphersuites, DH parameters are not necessary. The set of ciphersuites can be explicitly (or implicitly, by providing only keys with a particular algorithm) restricted to exclude every ciphersuite with ephemeral DH, and anonymous DH is disabled by default. In a recently built OpenSSL 1.0 (with gost engine enabled) openssl ciphers 'DEFAULT:!DH' reports 35 ciphersuites (including kRSA, ECDH, PSK and GOST). So it would be nice to let users live without completely unnecessary temporary DH parameters.

I see two ways of doing so:

1. If DH parameters are not specified in the application configuration file, add ':!DH' to the end of the ciphersuite list, thus restricting the application to the ciphersuites which do not need tmp DH parameters (which may result in an empty cipher list and failure to start).

2. Check the cipher list for any ciphersuite which needs DH parameters and complain loudly (giving a fatal configuration error) if such a ciphersuite is enabled but DH parameters are not provided.

For my typical case (using GOST only) both ways would do the job. But which one is generally better and would be more acceptable for application authors?

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org