Am 03.02.2016 um 00:30 schrieb Kurt Roeckx:
On Tue, Feb 02, 2016 at 10:34:32PM +0100, Rainer Jung wrote:
Hi there,
reading the last advisory again, I noticed, that there's one logical
inconsistency.
First:
OpenSSL before 1.0.2f will reuse the key if:
...
- Static DH ciphersuites are used. The key is part of the certificate and so
it will always reuse it. This is only supported in 1.0.2.
and then:
It will not reuse the key for DHE ciphers suites if:
- SSL_OP_SINGLE_DH_USE is set
...
So what's the situation if both situations apply, static DH ciphersuites are
used and SSL_OP_SINGLE_DH_USE is set is set.
Note that it says DHE ciphers, excluding the DH ciphers.
Thanks Matt and Kurt for enlightening me.
Regards,
Rainer
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
