>From: owner-openssl-us...@openssl.org On Behalf Of Yijun Wu
>Sent: Tuesday, 27 August, 2013 01:07

>It seems that when DHE-related cipher suites are used connection 
>can not be established if the dhparam is not set on the server side. 
>However, when dhparam is set on the server side the connection can 
>always be established regardless of whether it is set on the client 
>side. Of course other parameters are set correct. 

DHE and DH-anon, yes. By definition of Diffie-Hellman both parties 
must use the same parameters (p, g, maybe qsize) and by definition 
of SSL/TLS for DHE and DHA params are chosen by the server and sent 
in ServerKeyExchange. (For fixed-DH they are in each cert and must 
be the same in both. Within an organization or small community 
this can be achieved by using the same CA which forces all certs 
to have, and thus all certified EEs to use, the same parameters.
Otherwise you're pretty much on your own. Also note that released 
OpenSSL doesn't yet have fixed-DH, but it reportedly will soon.)

OpenSSL disables the DH-anon suites by default, because using 
nonauthenticating suites is a bad idea, but does implement them.

Analagously for ECHDE and ECDH-anon, versus fixed-ECDH. But here 
the picture changes some because there are about 3 dozen curves 
standardized (aka 'named' curves) for TLS, versus similar numbers 
standardized for other purposes, versus a near-infinite number 
of custom curves, but it's much more work to generate a good 
ECC curve than a good prime for DH (or DSA) so people almost 
always use the named curves. In fact people seem to mostly 
use the two named curves chosen by NSA for Suite B (P-256 
and P-384), so in practice getting certs at both ends for 
fixed-ECDH to use the same curve is less difficult.

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to