On Fri, Jan 21, 2000 at 10:32:11AM +0100, [EMAIL PROTECTED] wrote:
> >> In order to use DH-RSA-DES-CBC3-SHA or
> >> DH-DSS-DES-CBC3-SHA ciphers, how can I:
> >>
> >> 1. generate a private key?
> >> 2. request a CSR?
> >> 3. sign that CSR using demoCA?
> >
> >The EDH-RSA-DES-CBC3-SHA cipher is using ephemeral DH keys with RSA
> >authentication, so you can stay with the normal RSA keys you already
> >have(?).
> >Additionally, your code must have a temporary DH key available.
> >Based on the list of ciphers the client presents, the first cipher the
> >OpenSSL based server supports is used.
> >If the EDH ciphers are listed early, they are used.
>
> Thanks for your answer, but I don't know how to sign DH parameters
> so they can be used for DH key exchange... (I am really a newbie :-) )

You don't sign the DH parameters, they exist on their own.
For authentication you use the normal RSA certificates.
There are a lot of hints on creating your own certificates.
My own (simplistic) explanations are at
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
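
Added example, not part of the original thread: the three steps asked about (RSA key, CSR, CA signature) plus the separate, unsigned DH parameter file that the EDH ciphers need. The file names, subject names and throwaway CA are constructed for illustration, and `openssl x509 -req` stands in for signing with demoCA via `openssl ca`.

```shell
# Build the key material an EDH-RSA server needs, in directory $1.
# $2 = DH prime size in bits (default 2048; generation can take a while).
make_edh_rsa_material() {
    dir=$1
    dh_bits=${2:-2048}
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        # Throwaway self-signed RSA CA (constructed; stands in for demoCA).
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example Test CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 1. Private key: an ordinary RSA key, nothing DH-specific.
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        # 2. CSR for that RSA key.
        openssl req -new -key server.key \
            -subj "/CN=server.example.test" -out server.csr || exit 1
        # 3. CA signs the CSR; the result is a normal RSA certificate.
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 30 -out server.crt 2>/dev/null || exit 1
        # DH parameters: generated separately, never put in a CSR or signed.
        openssl dhparam -out dh.pem "$dh_bits" 2>/dev/null || exit 1
    )
}

# Confirm the split: RSA certificate for authentication, bare DH parameters
# for the ephemeral key exchange.
check_edh_rsa_material() {
    dir=$1
    # The certificate chains to the CA.
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" \
        >/dev/null 2>&1 || return 1
    # The certified public key is RSA, not DH.
    openssl x509 -in "$dir/server.crt" -noout -text \
        | grep -q 'Public Key Algorithm: rsaEncryption' || return 1
    # The DH parameters are well-formed (prime and generator checks).
    openssl dhparam -in "$dir/dh.pem" -check -noout \
        >/dev/null 2>&1 || return 1
    # The DH file holds parameters only: no certificate, no signature.
    head -n 1 "$dir/dh.pem" \
        | grep -q '^-----BEGIN DH PARAMETERS-----$' || return 1
}
```

To try the result locally, `openssl s_server -cert server.crt -key server.key -dhparam dh.pem` loads the RSA certificate and the DH parameters as two independent inputs.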