Hi,
   I am using OpenSSL 0.9.4 to develop a secure server.
There are a few things that have confused me when configuring the SSL parameters

1. Server Certificate:
   When it is said that the cipher is, for example, SSL_RSA_WITH_NULL_SHA, is it that an RSA
   signing-only certificate is used?? And if yes, what kind of certificates are those distributed by
   CAs like Verisign?? Under what circumstances are they used???
   
2. Generation of temporary RSA keys and DH parameters:
   The Apache SSL code initializes an RNG and uses that just during startup to generate temporary
   RSA keys. DH params are hard quoted in the code. So if the server is not started again, the same
   RSA keys are used for each connection served and the DH params are never changed. Is this safe??
   Shouldn't we generate a new pair of RSA keys in the callback that sets RSA keys?

Thanks,
Amit Chopra.
PSPL, Pune,
India.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
