If the negotiated cipher suite for an RSA encrypted client-server
session does not involve using the RSA public keys, then when is RSA
used in that session ?
Not sure to fully understand your question, but the answer may be :
'Just for [server] authentication'
Hope this helps.
> From: owner-openssl-users On Behalf Of Patrick Pelletier
> Sent: Friday, October 25, 2013 02:53
> On 10/24/13 1:59 PM, Dave Thompson wrote:
>
> > (For EC, the specified curve must also be acceptable to client(s) per
> > ClientHello extension,
> > which encourages using the callback or choosing
> From: owner-openssl-users On Behalf Of Viktor Dukhovni
> Sent: Friday, October 25, 2013 09:46
> On Fri, Oct 25, 2013 at 06:35:08AM -0700, LN wrote:
>
> > I mean in a typical usage of OpenSSL is it mandatory to call
> > SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate()
> > and SSL_CTX_use
Is it recommended to specify and use DH parameters for server ?
I know that RSA encryption/decryption is slow and this is why RSA public keys
are used only for establishing the session key which is a symmetric key usually
because symetric key encryption is fast.
If the negotiated cipher suite for
On Fri, Oct 25, 2013 at 06:35:08AM -0700, LN wrote:
> I mean in a typical usage of OpenSSL is it mandatory to call
> SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate()
> and SSL_CTX_use_PrivateKey().
No, this is optional.
> I know that for RSA keys, for example, the session key exchange is
Hi,
I mean in a typical usage of OpenSSL is it mandatory to call
SSL_CTX_set_tmp_dh() if I callĀ SSL_CTX_use_certificate() andĀ
SSL_CTX_use_PrivateKey(). I know that for RSA keys, for example, the session
key exchange is done using the public keys of the client and server.
If my understanding is
On Thu, Oct 24, 2013 at 11:52:36PM -0700, Patrick Pelletier wrote:
> >(For EC, the specified curve must also be acceptable to client(s) per
> >ClientHello extension,
> >which encourages using the callback or choosing a popular curve like P-256.)
>
> So, my understanding is that if the "tmp_ecdh"
On 10/24/13 1:59 PM, Dave Thompson wrote:
(For EC, the specified curve must also be acceptable to client(s) per
ClientHello extension,
which encourages using the callback or choosing a popular curve like P-256.)
So, my understanding is that if the "tmp_ecdh" is set to a curve which
is not sup
Do you mean SSL/TLS the protocols and OpenSSL the implementation?
For SSL when an ADH or EDH aka DHE suite is negotiated, the server must send
DH parameters
and its (nominally one-time) public key, and the client uses or at least
matches the parameters
and sends its (ditto) public key. Simi