On Thu, Aug 27, 2009, Ram G wrote:

> Hello,
>
> Going through various posts, I have come across references to Bodo Moeller's
> example code showing SSL communication without certificates and using
> anonymous DH key exchange. If anybody has that sample, can you please
> forward it ?
>
> I have written a client and server taking help from the sample programs. I'm
> generating the DH params in the server and setting it in the SSL context.
> I'm setting the cipher as ADH-AES256-SHA in both server and client. The
> client and server are communicating.
>
> To generate the DH parameters P & G, I have done this:
>
> 1) Calling DH_generate_parameters() in the server will generate the Prime P
> 2) Calling DH_generate_key() performs the first step of a Diffie-Hellman key
> exchange by generating private and public DH values.
>
> Documentation also talks about this call to generate the shared key:
>
> 3) Calling DH_compute_key(), these are combined with the client's public
> value to compute the shared key. (My program is working even without the
> DH_compute_key() call in the server - which is strange I think)
>
> What I'm not sure is :
>
> What is the call I need to make in the client to pass the client's public
> key ( G (power X) mod P ) to the server ?
>
> I'm working on a prototype and beginning to get my hands dirty with OpenSSL.
> Your help is greatly appreciated.
>
All you need to do is to generate parameters and pass those to the server side. Key generation, shared secret computation and passing keys and parameters between client and servers are handled automatically by OpenSSL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
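The exchange the reply says OpenSSL handles automatically, modelled as an added example (not part of the original thread and not OpenSSL code): the server's public value travels in ServerKeyExchange, the client's in ClientKeyExchange, and each side derives the same secret. The struct and function names, the 32-bit toy modulus and the fixed private values are assumptions made for illustration; a real handshake uses large parameters and random private values.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (not OpenSSL code) of the anonymous-DH key exchange messages. */
typedef struct { uint64_t p, g, ys; } ServerKeyExchange; /* server -> client */
typedef struct { uint64_t yc; } ClientKeyExchange;       /* client -> server */

/* Square-and-multiply; m must be below 2^32 so products fit in 64 bits. */
static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1, x = b % m;
    for (; e; e >>= 1) {
        if (e & 1) r = r * x % m;
        x = x * x % m;
    }
    return r;
}

/* Range check on a peer's public value, as DH_check_pub_key() does:
   0, 1 and p-1 would force a predictable shared secret. */
static int pub_ok(uint64_t y, uint64_t p) { return y >= 2 && y <= p - 2; }

/* Server: the application supplied only p and g; the private value xs and
   the public value ys = g^xs mod p are produced during the handshake. */
static ServerKeyExchange server_kx(uint64_t p, uint64_t g, uint64_t xs) {
    ServerKeyExchange m = { p, g, modpow(g, xs, p) };
    return m;
}

/* Client: takes p, g, ys from the server, replies with yc = g^xc mod p. */
static int client_kx(const ServerKeyExchange *s, uint64_t xc,
                     ClientKeyExchange *out, uint64_t *secret) {
    if (!pub_ok(s->ys, s->p)) return 0;
    out->yc = modpow(s->g, xc, s->p);
    *secret = modpow(s->ys, xc, s->p);
    return 1;
}

/* Server: combines the client's yc with its own xs (the DH_compute_key step). */
static int server_finish(const ServerKeyExchange *s, uint64_t xs,
                         const ClientKeyExchange *c, uint64_t *secret) {
    if (!pub_ok(c->yc, s->p)) return 0;
    *secret = modpow(c->yc, xs, s->p);
    return 1;
}

int main(void) {
    uint64_t xs = 123456789, xc = 987654321, cs = 0, ss = 0; /* constructed */
    ServerKeyExchange s = server_kx(4294967291u, 2, xs);     /* p = 2^32 - 5 */
    ClientKeyExchange c;
    if (!client_kx(&s, xc, &c, &cs) || !server_finish(&s, xs, &c, &ss)) return 1;
    printf("client secret == server secret: %s\n", cs == ss ? "yes" : "no");
    return cs == ss ? 0 : 1;
}
```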