For ecdh_tmp, should it be the same as what is set in the pkey in CTX->CERT? 
What is the purpose of these _tmp keys?

Regards,
-binlu

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Bin Lu
Sent: Thursday, June 07, 2012 4:04 PM
To: openssl-users@openssl.org
Subject: RE: error in using EC/DSA cert as server cert

But for a DSA key, what DH am I supposed to use?

Thanks,
-binlu

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dave Thompson
Sent: Thursday, June 07, 2012 2:39 PM
To: openssl-users@openssl.org
Subject: RE: error in using EC/DSA cert as server cert

>From: owner-openssl-us...@openssl.org On Behalf Of Bin Lu
>Sent: Thursday, 07 June, 2012 14:53

>I am trying to use an ECDSA certificate <snip> the correct cipher suite 
>is not being chosen <snip> dh_tmp, ecdh_tmp and their callback 
>functions <snip> not set

>Is some code missing in SSL_CTX_use_PrivateKey(), or should these dh_tmp, 
>ecdh_tmp values be set by the application, and how?

The latter. You can set them on SSL_CTX (and use for one or more connections) 
or on SSL for one connection (before handshaking, or possibly renegotiation).

SSL_[CTX_]set_tmp_dh or set_tmp_dh_callback for DH (but there are no suites 
that use DH with ECDSA)

SSL_[CTX_]set_tmp_ecdh or set_tmp_ecdh_callback for ECDH 

Also SSL_[CTX_]set_tmp_rsa or set_tmp_rsa_callback if you use the "export" 
suites (which you should avoid) and I think if you have a sign-only (i.e. not 
key-wrap) RSA cert (but I doubt anybody does that nowadays).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org