On Tue, May 24, 2016 at 05:08:38PM +0000, Salz, Rich wrote:

> > 2) Are the same encryption keys used every time with ADH?
> 
> Yes.  That's the other BIG reason :)  You really want ephemeral, and 
> therefore ECDH

NO, Rich is making a mistake, ADH is ephemeral of necessity, since
without long-term keys in certificates it is impossible to use
long-term keys whose disclosure might later compromise confidentiality.

> > 3) Is it possible to use ephemeral DH without using certificates?  I was not
> > able to get that to work.
> 
> Yes.  This is "null" auth.

Essentially:

    aNULL == (ADH || AECDH).

-- 
        Viktor.
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
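
Added example, not part of the original message: a small audit that reads cipher-suite lines in the `openssl ciphers -v` column layout and separates the unauthenticated (Au=None) suites into ADH and AECDH, so a configured cipher list can be checked for aNULL suites. The sample lines are constructed and the function names are hypothetical.

```python
# Added example: audit `openssl ciphers -v` style output for aNULL suites.

# Constructed sample lines in the column layout of `openssl ciphers -v`.
SAMPLE = """\
ADH-AES256-SHA              SSLv3   Kx=DH   Au=None Enc=AES(256)    Mac=SHA1
AECDH-AES128-SHA            SSLv3   Kx=ECDH Au=None Enc=AES(128)    Mac=SHA1
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA          SSLv3   Kx=DH   Au=RSA  Enc=AES(128)    Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA  Enc=AES(128)    Mac=SHA1
"""


def parse_suite(line):
    """Split one line into name, protocol and its Key=Value attributes."""
    fields = line.split()
    if len(fields) < 3:
        return None  # blank or malformed line
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    return {"name": fields[0], "proto": fields[1], **attrs}


def classify(suite):
    """Return ADH, AECDH or authenticated, based on the Kx and Au columns."""
    if suite.get("Au") != "None":
        return "authenticated"
    kx = suite.get("Kx", "").split("(")[0]  # "DH(512)" -> "DH"
    # Au=None with any other key exchange is reported, not guessed at.
    return {"DH": "ADH", "ECDH": "AECDH"}.get(kx, "unauthenticated-other")


def audit(text):
    """Group suite names by class."""
    groups = {}
    for line in text.splitlines():
        suite = parse_suite(line)
        if suite:
            groups.setdefault(classify(suite), []).append(suite["name"])
    return groups


def anull_suites(text):
    """Names of every suite that performs no peer authentication."""
    return sorted(name for cls, names in audit(text).items()
                  if cls != "authenticated" for name in names)


if __name__ == "__main__":
    for cls, names in audit(SAMPLE).items():
        print(cls, names)
```

To check a real configuration, pass the output of `openssl ciphers -v` for the configured cipher string to `anull_suites` in place of `SAMPLE`.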