On Mon, Oct 13, 2014 at 08:20:46PM -0700, Norm Green wrote:

> I'm using OpenSSL 1.0.1i built from sources on Linux.  I'm trying to get an
> ephemeral DH connection to work without certificates and having no luck.  I
> can only seem to get anonymous DH (ADH) to work.

ADH is ephemeral DH without certificates.

> When I call SSL_CTX_set_cipher_list('kEECDH:kEDH'), then I get a connection
> but it uses this cipher, which is ADH not EDH:
> "ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD"

ADH is EDH in which no certificates are involved, and thus the EDH key
exchange is unsigned.

> Any idea where I'm going wrong?

A misunderstanding.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
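
The distinction drawn in the reply above can be checked mechanically from `openssl ciphers -v` style output: a suite is anonymous when its key exchange is ephemeral (EC)DH and its `Au=` field is `None`. The following is an added example, not part of the original thread or of OpenSSL; the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `openssl ciphers -v` output (the layout of
# the ADH line quoted in the thread); not captured from a real system.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) Mac=AEAD
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
"""

# name, protocol, then whitespace-separated KEY=VALUE fields
LINE_RE = re.compile(r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+(?P<fields>\S+=.*)$")


def parse_line(line):
    """Return a dict with name, proto and the Kx/Au/Enc/Mac fields, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(f.split("=", 1) for f in m.group("fields").split() if "=" in f)
    if "Kx" not in fields or "Au" not in fields:
        return None
    return {"name": m.group("name"), "proto": m.group("proto"), **fields}


def classify(suite):
    """Label a parsed suite by its key exchange and authentication fields."""
    # Assumption: ephemeral exchanges print as Kx=DH or Kx=ECDH (optionally with
    # a "(bits)" suffix); static variants print as Kx=DH/RSA, Kx=ECDH/ECDSA, etc.
    kx = suite["Kx"].split("(")[0]
    if kx not in ("DH", "ECDH"):
        return "other"
    # Au=None means the ephemeral exchange is unsigned: ADH / AECDH.
    return "anonymous" if suite["Au"] == "None" else "authenticated-ephemeral"


def anonymous_suites(text):
    """Names of all suites in the listing that provide no authentication."""
    suites = (parse_line(line) for line in text.splitlines())
    return [s["name"] for s in suites if s and classify(s) == "anonymous"]


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        s = parse_line(line)
        print(f"{s['name']:<32}{classify(s)}")
```

`aNULL` is the OpenSSL cipher-string keyword that matches the suites this check flags, so a string such as `kEECDH:kEDH` admits them unless `!aNULL` is appended.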
