Hello,

Thanks to both of you.

Best regards,
--
Francis
On 17/09/2014 20:38, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
Sent: Wednesday, September 17, 2014 13:35
We use openSSL in OFTP2 implementation. The OFTP2 working group decided
to strongly recommend to use preferably the cipher suites including PFS
(ephemeral Diffie Hellman).
<snip>

To date*, in order to agree a DH-ephemeral or ECDH-ephemeral suite,
the server must be configured with "temporary" DH/ECDH parameters:
https://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html
tmp_ecdh* is similar but has no manpage. Is it?

For ECDHE, the temporary parameters must be a curve allowed by the
client's list of supported curves. For openssl clients (except RedHat)
all standard "named" curves are allowed, but other clients may differ.
P-256 and P-384, and maybe P-521, seem to be most widely supported,
and therefore probably the best choices in general.

* 1.0.2 is expected to have some more convenient options in this area.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

