Can someone answer the 4th and 5th questions?

On 7/8/05, Vadym Fedyukovych <[EMAIL PROTECTED]> wrote:
> Jagannadha Bhattu wrote:
> > Hi,
> >
> > I have some questions on ephemeral keying.
> >
> > 1. In the man page for SSL_CTX_set_tmp_dh_callback the example shows
> > that the same params are used for all connections. Is it safe?
>
> Hardness of the (computational) Diffie-Hellman problem does not suffer from
> using the same group (that is, parameters).
> Well, unless someone could force parties into using a known-weak group.
>
> > 2. I have seen the man page for dhparam. The generators can be 2 or 5.
> > Why are only two generators used? Which one is preferred out of 2 and
> > 5?
>
> A reasonable requirement here would be that the computational Diffie-Hellman
> (CDH) problem is hard enough for the group defined by parameters
> (modulus and generator).
>
> > 3. I have seen some implementations like PostgreSQL hard-coding the dh
> > params in case a file generated using dhparam is not available. Is it
> > safe to do it?
>
> see #1
>
> > 4. Will the callback supplied to SSL_CTX_set_tmp_rsa_callback be
> > called for each connection or will it be called only once in the
> > lifetime of the application? If it is called only once then does it mean
> > the same key is used for all connections? The example in the man page
> > for SSL_CTX_set_tmp_rsa_callback shows that the key is generated only
> > one time.
> >
> > 5. The man page for SSL_CTX_set_tmp_rsa_callback says that we need to
> > seed the PRNG. How do we do that typically?
> >
> >
> > Thanks
> > JB
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           [EMAIL PROTECTED]