Greetings, I'm trying to develop a simple SSL module for a web server.

I don't have much experience with cryptography and OpenSSL, so I am a bit
confused about various combinations of cipher suites when performing key
exchange and authentication.

1. I assume RSA key exchange and authentication is the most widely used
combination. Am I correct to assume that ephemeral RSA and Server
Gated Cryptography are not deployed anymore, due to relaxation of the
US export regulations? And nobody is using 512-bit keys.

2. If Diffie-Hellman key agreement and DSS authentication is used,
ephemeral DH keys must be used. Do I need to do anything special in
this case (i.e. loading parameters) or can OpenSSL handle all of this
automatically?

3. What about Diffie-Hellman key agreement and RSA authentication? Is
this normally handled with ephemeral keys? Is there any advantage of
Diffie-Hellman over RSA key exchange?

4. Does anyone actually deploy Diffie-Hellman key agreement and DSS
authentication these days? I would think that the majority of people would
use RSA (better performance). Is DSS simply for old software
compatibility?

Thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org