>From: owner-openssl-us...@openssl.org On Behalf Of Yijun Wu >Sent: Tuesday, 27 August, 2013 01:07
>It seems that when DHE-related cipher suites are used connection >can not be established if the dhparam is not set on the server side. >However, when dhparam is set on the server side the connection can >always be established regardless of whether it is set on the client >side. Of course other parameters are set correct. DHE and DH-anon, yes. By definition of Diffie-Hellman both parties must use the same parameters (p, g, maybe qsize) and by definition of SSL/TLS for DHE and DHA params are chosen by the server and sent in ServerKeyExchange. (For fixed-DH they are in each cert and must be the same in both. Within an organization or small community this can be achieved by using the same CA which forces all certs to have, and thus all certified EEs to use, the same parameters. Otherwise you're pretty much on your own. Also note that released OpenSSL doesn't yet have fixed-DH, but it reportedly will soon.) OpenSSL disables the DH-anon suites by default, because using nonauthenticating suites is a bad idea, but does implement them. Analagously for ECHDE and ECDH-anon, versus fixed-ECDH. But here the picture changes some because there are about 3 dozen curves standardized (aka 'named' curves) for TLS, versus similar numbers standardized for other purposes, versus a near-infinite number of custom curves, but it's much more work to generate a good ECC curve than a good prime for DH (or DSA) so people almost always use the named curves. In fact people seem to mostly use the two named curves chosen by NSA for Suite B (P-256 and P-384), so in practice getting certs at both ends for fixed-ECDH to use the same curve is less difficult. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
