Hi, I mean in a typical usage of OpenSSL, is it mandatory to call SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate() and SSL_CTX_use_PrivateKey()? I know that for RSA keys, for example, the session key exchange is done using the public keys of the client and server. If my understanding is correct, the DH parameters are used for key exchange also. So if public keys are used, is there a situation when the DH parameters will be used instead for key exchange? So is my understanding correct, that DH might be used if the client uses a protocol for key exchange that is based on DH, and if the server doesn't have the DH parameters, the negotiation will fail?
Thank you!

On Friday, October 25, 2013 4:03 PM, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:

On Thu, Oct 24, 2013 at 11:52:36PM -0700, Patrick Pelletier wrote:

> >(For EC, the specified curve must also be acceptable to client(s) per
> >ClientHello extension, which encourages using the callback or choosing
> >a popular curve like P-256.)
>
> So, my understanding is that if the "tmp_ecdh" is set to a curve
> which is not supported by the client, then OpenSSL ought to just
> skip the elliptic curve cipher suites and pick the next acceptable
> cipher suite supported by both the client and server. Is this not
> the case?
>
> I was puzzled by this message:
>
> http://www.metzdowd.com/pipermail/cryptography/2013-October/018330.html

With respect to the OpenSSL server implementation I was wrong. The issue was a bug in the RedHat OpenSSL package's recently introduced EC support advertising curves it did not implement.

The issue is still possible if clients both send SSLv2 compatible HELLO (thus no extensions) and include EC ciphersuites. Since SSLv2 is now disabled by default, one might say they should not do that.

> The following draft also seems to suggest the same thing, that if
> client and server both support an elliptic curve suite, they will
> pick it, and then discover that they don't have any curves in
> common, and give up, rather than picking a non-EC suite:
>
> http://datatracker.ietf.org/doc/draft-gutmann-tls-eccsuites/

That's a deeper set of issues, that are still relevant.

--
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
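The negotiation rules this thread turns on, as an added Python model that is not OpenSSL's code (ServerConfig, ClientHello and negotiate are assumed names, and the suite names are constructed in OpenSSL style): it shows a DHE suite being skipped when the server has no DH parameters, and contrasts the behaviour Patrick expected (skip EC suites when no curve is shared, fall through to the next suite) with the failure the Gutmann draft describes (commit to an EC suite, then discover there is no common curve), including the extension-less SSLv2-compatible hello Viktor mentions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ServerConfig:
    suites: list                   # server's preference order (constructed names)
    tmp_dh_set: bool               # whether SSL_CTX_set_tmp_dh() or a DH callback was used
    tmp_ecdh_curve: Optional[str]  # curve fixed via SSL_CTX_set_tmp_ecdh(), or None

@dataclass
class ClientHello:
    suites: list
    curves: Optional[list]  # None models an SSLv2-compatible hello: no extensions at all

def key_exchange(suite: str) -> str:
    """Classify a suite by its key exchange from its OpenSSL-style name."""
    if suite.startswith("ECDHE-"):
        return "ECDHE"
    if suite.startswith("DHE-"):
        return "DHE"
    return "RSA"  # static RSA key transport, e.g. AES128-SHA

def curve_acceptable(cfg: ServerConfig, hello: ClientHello) -> bool:
    """Can the server's tmp_ecdh curve be used with this client?"""
    if cfg.tmp_ecdh_curve is None:
        return False   # no EC key material: ECDHE suites are unusable
    if hello.curves is None:
        return True    # no supported_curves extension: RFC 4492 lets the server pick any curve
    return cfg.tmp_ecdh_curve in hello.curves

def negotiate(cfg: ServerConfig, hello: ClientHello, check_curve_first: bool = True) -> str:
    """Return the chosen suite name, or a string starting with 'handshake_failure'."""
    for suite in cfg.suites:
        if suite not in hello.suites:
            continue
        kx = key_exchange(suite)
        if kx == "DHE" and not cfg.tmp_dh_set:
            continue  # no DH parameters: the server cannot complete a DHE exchange
        if kx == "ECDHE" and check_curve_first and not curve_acceptable(cfg, hello):
            continue  # expected behaviour: skip EC suites and fall through to the next one
        if kx == "ECDHE" and not curve_acceptable(cfg, hello):
            return f"handshake_failure: committed to {suite} with no common curve"
        return suite
    return "handshake_failure: no shared cipher"
```

With curves=None the model picks the ECDHE suite on the server's curve alone, which is exactly the case Viktor notes is still possible when a client sends an extension-less hello with EC suites.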