> On Jan 12, 2018, at 1:57 AM, Bharathi Prasad <barati.j.pra...@gmail.com>
> wrote:
>
> Let me rephrase my question.
>
> How to support fixed Diffie Hellman key agreement in my application.
>
> OpenSSL 1.0.2 supports fixed DH.
> We are currently referring to TLS 1.2 standard and hence need to extend
> support for fixed DH and ephemeral DH. I was able to enable EDH but not DH.
>
> Could you please give me pointers on how to extend support for fixed DH in
> my code.
Once again, the best thing to do here is to NOT support fixed DH in TLS
1.2. These are not mandatory ciphersuites, and they proved in retrospect
a bad idea. So just don't do it. You will encounter any interoperability
issues by omitting support for these ciphersuites.
Why do you feel a need to support fixed DH?
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
