Thank you Viktor, and Jeff, and Dr. Steve.

+-+-+-+-+-+-+-+-+-
Dave McLellan, Enterprise Storage Software Engineering, EMC Corporation, 176 South St.
Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749
Office: 508-249-1257, FAX: 508-497-8027, Mobile: 978-500-2546, [email protected]
+-+-+-+-+-+-+-+-+-

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Viktor Dukhovni
Sent: Thursday, June 26, 2014 9:46 AM
To: OpenSSL Users List
Subject: Re: cipher list experiments - what's preventing ECDHE?

On Thu, Jun 26, 2014 at 09:30:49AM -0400, Jeffrey Walton wrote:

> > 1. ECDHE-ECDSA-AES128-GCM-SHA256
> >
> > 2. ECDHE-RSA-AES128-GCM-SHA256
> >
> > 3. DHE-RSA-AES128-GCM-SHA256
>
> The server needs an ECDSA key and certificate to provide ECDSA. It's not
> clear if you have it.

Only for "1".

> I'm not sure why ECDHE-RSA-AES128-GCM-SHA256 is not selected.

Typically, no ECDH parameters set with SSL_CTX_set_tmp_ecdh().
Given RedHat and others shipping only P-256 and P-384, the most
interoperable choice is to use one of these two.

--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
