> From: owner-openssl-us...@openssl.org On Behalf Of Marco Bambini > Sent: Friday, September 19, 2014 12:04
> my server needs to accept DHE ciphers from clients so I think I would need to > be able to load static dh512.pem, dh1024.pem, dh2048.pem and dh4096.pem > certificates on server side. In order to increase security I would like to skip > the pem file loading step and generate these dh certificates on the fly. > Those aren't certificates, they are parameters. For DHE (and also DH-anon) server and client each generates a new (ephemeral) keypair for each handshake using the same parameters. Having many keypairs under the same parameters is secure, this is how Diffie-Hellman works. Generating a new keypair is nearly instantaneous; generating new parameters takes a minute or several, which would be unacceptable per connection on most servers. Generating them on server startup, or now and then such as monthly, would give you the same extremely tiny increase in security. If you really want that, generate parameters using the DH_ specific routine or the EVP_PKEY_ wrapper and pass that to set_tmp_dh or use it (or maybe them) in the callback set by set_tmp_dh_callback, instead of the one(s) read from file(s). The protocol does define "static" DH suites which use DH certificates. (SSLv3 through TLSv1.1 distinguished DH certs signed by RSA or DSS in the ciphersuite; 1.2 essentially merges them and uses the new sigalgs extension instead.) OpenSSL did not implement these in any release yet; 1.0.2 is planned to. DH certificates cannot be requested using the standard PKCS#10 CSR (because DH can't sign) and I've never seen nor heard of any CA that issues a DH cert nor any system wanting to use static-DH. (OpenSSL *does* implement the static *EC*DH suites, although I haven't seen them used in anger either.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
