On 01.01.14 21:10, Steffan Karger wrote:
> This code would not really generate ephemeral keys every time it is called,
> but a single key that would be reused during process lifetime and returned
> each time the function was called; probably not what users would expect.
>
> TLS allows ephemeral keys to be used only when no other key exchange, such
> as (ephemeral) Diffie-Hellman, is performed. The end result is that it was
> only used by a number of (weak) export ciphers, which could give users a
> false sense of security.
>
> So, instead of fixing a weak cipher mode, we'll just remove support for it
> completely. Plenty of better alternatives are available in TLS.
>

ACK. (reading SSL_CTX_set_tmp_rsa_callback is scary btw).
Arne