On Fri, Nov 02, 2012, Abhiram Shandilya wrote: > Hi Steve, Thanks for your response. I'm just trying to figure out what it > takes to get this working - are you of the opinion that an SSL server should > not support TLS 1.2 ECDH-RSA cipher suites? Could you also mention why? >
Well one reason is that the fixed ECDH cipher suites do not support forward secrecy because they always use the same ECDH key. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
