Hello,
I want to use static Diffie Hellman key exchange with RSA authentication
(DH_RSA) in my application.
I am currently using OpenSSL version 1.0.2n. I understand that from version
1.0.2 openSSL supports fixed DH.
Here is what I have tried so far.
Trial 1: I created DH server and client cert
Thank you for the reply.
Let me rephrase my question.
How to support fixed Diffie Hellman key agreement in my application.
OpenSSL 1.0.2 supports fixed DH.
We are currently referring to TLS 1.2 standard and hence need to extend
support for fixed DH and ephemeral DH. I was able to enable EDH but
I understand your point and also agree with you.
I am not in a position to explain the requirement. This is important and we
need to provide the support. The system supports only DH and EDH. So could
you please help me and give me pointers on how to implement fixed DH
support.
--
Sent fro
Hi,
I have the public key of the client but not the private key. I am required
to generate a CSR with only public key. I understand private key is required
for Proof of Possession. However, as per my requirement I am supposed to
create CSR only with public key and my CA would create a certificate.
I used CX509CertificateRequestCertificate class to create CSR with only
public key.
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Hi,
Thanks for the prompt replies. I agree signature from private key should be
present in a CSR. However, as per RFC 2511, Proof Of Possession is optional
though it strongly recommends to have it.
I was able to create the CSR with only public key. I was unintentionally
adding an extra line at th
You are right. Cannot create a certificate with CSR containing only public
key.
Thanks for the explanation.
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
