> On Jan 29, 2019, at 2:23 PM, Rich Fought <rmf.a...@gmail.com> wrote:
>
> The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers
> are supported:
>
> TLS1.0:
> DH-RSA-AES128-SHA
> DH-RSA-AES256-SHA
The static DH and ECDH ciphers have been removed.
> TLS1.2:
> DH-RSA-AES128-SHA256
> DH-RSA-AES256-SHA256
> DH-RSA-AES128-GCM-SHA256
> DH-RSA-AES256-GCM-SHA256
>
> However, I am unable to see them with openssl ciphers command
>
> > openssl ciphers -v -s DH
>
> All I see are DHE ciphers. DH is needed for compatibility with legacy
> servers.
They are NOT needed for compatibility with legacy servers.
> Are these only enabled via a compile time option? Or is the documentation
> incorrect?
The documentation is likely out of date.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
