On 12/17/2011 2:44 AM, Dave Thompson wrote:
Sorry for the delay, I misplaced this temporarily.
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Thursday, 08 December, 2011 12:02
> I am now working with 1.0.0.e and am able to get the
> anonymous DH going. There is only one small problem.
It could be that (undetailed) step "obtain parameters from hardware"
and/or other indirect hardware calls caused by your OpenSSL calls makes
the hardware think the key is now "spent" and can/must be deleted.
Hardware crypto is often designed to protect keys much more strictly
than software cry
Thanks for the response Dave! I was using a FIPS compliant version of
openssl (0.9.8r) and anonymous DH for DTLS was broken with that version. I
am now working with 1.0.0.e and am able to get the anonymous DH going.
There is only one small problem.
We use the p and g from the client/server excha
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Saturday, 03 December, 2011 23:23
> I would like to generate my own DH private/public keys and
> have the client/server exchange these values. The problem I am
> having is that the openssl build I have is
Hi
I would like to generate my own DH private/public keys and have the
client/server exchange these values. The problem I am having is that the
openssl build I have is configured to use certificates. Hence the client
side is getting the server's DH public value from the certificate. If I
need to