> Well one reason is that the fixed ECDH cipher suites do not support forward > secrecy because they always use the same ECDH key.
ECDHE cipher suites as implemented in OpenSSL don't necessarily support forward secrecy either. I wonder what it takes to get SSL_OP_SINGLE_ECDH_USE option by default in the code base? BBB ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org