Hi Dr. Stephen Henson, Thanks for your answer.
I know this cipher suite is rarely used however we do need this feature and we do want to test it using openssl. Do you happen to know how to get a DH certificate or how to generate a DH certificate using openssl or other tools. -Zyan From: "Dr. Stephen Henson" <st...@openssl.org> To: openssl-users@openssl.org, Date: 08/15/2013 07:26 PM Subject: Re: Is RFC3268 extension supported in openssl? Sent by: owner-openssl-us...@openssl.org On Thu, Aug 15, 2013, Zyan Wu wrote: > >From the documents of http://www.openssl.org/docs/apps/ciphers.html and > CHANGES with the source code, RFC3268 is stated to be supported. > > But I cannot get the following ciphers by using openssl ciphers. (I have > used openssl1.0.1e and openssl0.9.8y) > > TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA > TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA > TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA > TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA > > Are they really supported or do I have to enable them when building > openssl? > Those web pages refer to the current development branch of OpenSSL so some features (including these ciphersuites) may not be in all versions of OpenSSL. Those pareticular ciphersuites require the use of a DH certificate and are only supported in unreleased OpenSSL 1.0.2 and the master branch. Very few implementations support them, the ephemeral DH (EDH) ciphersuites are much more common. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org