Re: How to use DH?

2002-08-13 Thread Vadim Fedukovich

Dear Joerg,

It would be interesting to learn the reason to consider ssltest insecure.

As I read it, the DH parameters (modulus and generator) are set to
some well-known values. This is required so that the same group is used
by both server and client. The security of the DH key exchange is determined by
the DH private keys, and the SSL3 server code would call DH_generate_key()
to set it at random. That is, security rests on a good randomness source,
exactly as it should. Well, this analysis is pretty simple
with the SSL_OP_SINGLE_DH_USE option set.

Did I miss something?

regards,
Vadim

On Tue, Aug 13, 2002 at 04:01:31PM +0200, Joerg Bartholdt wrote:
> Innokentiy Ivanov wrote:
> 
> >Good afternoon!
> >
> >Can anybody help me, please? 
> >What shall I do to use ciphers with DH/DH-anon key exchange algorithms?
> >
> >When I try to connect to OpenSSL server with only cipher DH_..._..._... or
> >DH_anon_..._..._..., it says: "no shared cipher".
> >
> >Please, help me to do this. Maybe, OpenSSL doesn't support DH/DHa at all?
> >
> OpenSSL supports DH, but to use it, you must set up some key material
> (which is more or less time-consuming).
> Either you use the setup routine DH_generate_parameters() and
> SSL_CTX_set_tmp_dh() or use fixed key material as seen in ssl/ssltest.c
> (fast, but insecure).
>
> Jörg
> 
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager   [EMAIL PROTECTED]

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz
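
Added example, not part of the thread and not OpenSSL code: a toy model in C of the argument in the message above, where the group (modulus and generator) is fixed and public and only the randomly drawn private exponents are secret. `TOY_P`, `TOY_G`, `struct server` and its `single_use` flag are assumptions made for illustration; `single_use` stands in for the effect of SSL_OP_SINGLE_DH_USE, and the 31-bit modulus is far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy group, fixed and public like built-in parameters.
   2^31-1 is prime and 7 is a primitive root; far too small for real use. */
#define TOY_P 2147483647ULL
#define TOY_G 7ULL

/* Square-and-multiply: base^exp mod TOY_P (products fit in 64 bits). */
static uint64_t modexp(uint64_t base, uint64_t exp) {
    uint64_t r = 1;
    for (base %= TOY_P; exp; exp >>= 1) {
        if (exp & 1) r = r * base % TOY_P;
        base = base * base % TOY_P;
    }
    return r;
}

/* Private exponent in [2, p-2] from the OS random source; 0 on failure. */
static uint64_t fresh_private(void) {
    uint32_t x = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t n = fread(&x, sizeof x, 1, f);
    fclose(f);
    return n == 1 ? 2 + x % (TOY_P - 3) : 0;
}

/* Hypothetical server state: single_use models SSL_OP_SINGLE_DH_USE. */
struct server { int single_use; uint64_t priv; };

/* One handshake: returns the server public value (0 on RNG failure) and
   stores the shared secret. Only priv is secret; TOY_P and TOY_G are not. */
static uint64_t server_handshake(struct server *s, uint64_t client_pub, uint64_t *secret) {
    if (s->single_use || s->priv == 0) s->priv = fresh_private();
    if (s->priv == 0) return 0;
    *secret = modexp(client_pub, s->priv);
    return modexp(TOY_G, s->priv);
}

int main(void) {
    struct server fresh = {1, 0}, reused = {0, 0};
    uint64_t cpriv = fresh_private(), cpub = modexp(TOY_G, cpriv), sec = 0;
    for (int i = 0; i < 2; i++) {
        uint64_t a = server_handshake(&fresh, cpub, &sec);
        printf("single-use pub=%llu agree=%d\n", (unsigned long long)a, modexp(a, cpriv) == sec);
        uint64_t b = server_handshake(&reused, cpub, &sec);
        printf("reused     pub=%llu agree=%d\n", (unsigned long long)b, modexp(b, cpriv) == sec);
    }
    return 0;
}
```

With `single_use` set, the server's public value changes on every handshake even though the group never does; with it cleared, the same private key and public value are reused.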



Re: How to use DH?

2002-08-13 Thread Joerg Bartholdt

Innokentiy Ivanov wrote:

>Good afternoon!
>
>Can anybody help me, please? 
>What shall I do to use ciphers with DH/DH-anon key exchange algorithms?
>
>When I try to connect to OpenSSL server with only cipher DH_..._..._... or
>DH_anon_..._..._..., it says: "no shared cipher".
>
>Please, help me to do this. Maybe, OpenSSL doesn't support DH/DHa at all?
>
OpenSSL supports DH, but to use it, you must set up some key material
(which is more or less time-consuming).
Either you use the setup routine DH_generate_parameters() and
SSL_CTX_set_tmp_dh() or use fixed key material as seen in ssl/ssltest.c
(fast, but insecure).

Jörg




How to use DH?

2002-08-13 Thread Innokentiy Ivanov

Good afternoon!

Can anybody help me, please? 
What shall I do to use ciphers with DH/DH-anon key exchange algorithms?

When I try to connect to OpenSSL server with only cipher DH_..._..._... or
DH_anon_..._..._..., it says: "no shared cipher".

Please, help me to do this. Maybe, OpenSSL doesn't support DH/DHa at all?

Thank You,
  Innokentiy Ivanov.



how to use DH with IE5.5

2000-11-22 Thread truename

Hi,
   I use "$ openssl s_server -accept 1443 -nocert -debug" as a web server.
   I connect to the server with IE5,
   but an error is reported: SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:772

   Is it that IE doesn't support DH,
   or is it some setting error in OpenSSL?

   env:
  server: Solaris 2.6, openssl-0.9.6
  client: Win NT 4.0 (SP6), IE5.5


thanks
