Hi! 2010/5/19 Dr. Stephen Henson <st...@openssl.org>: > On Wed, May 19, 2010, Ingela Andin wrote: > >> >> >From OpenSSL documentation: >> "The non-ephemeral DH modes are currently unimplemented in OpenSSL >> because there is no support for DH certificates." >> >> Question: Why is this? Is it something that you plan to implement? Or >> is this functionallity >> something that is not widly used so you choose not to implement it? >> > > Not widely used is an understatement. DH certificates are very rare: I've only > come across a handful of DH certificates so far. They are awkward to generate > too: you need a different algorithm to handle certificate requests (as you > can't sign with the base algorithm). I'm not aware of any public CA that > issues DH certifictes.
Thank you very much for conforming my suspicions now we do feel more comfortable with the decision not to support DH cipher suites, atleast not now. Considering that the United States lifted the export restrictions in 2000, we feel fairly comfortable with not implementing export ciphers either. [...] Regards Ingela ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
