Re: [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Salz, Rich via openssl-dev
You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are vulnerable to another. Why are you using DH? Unless you have compelling reasons (interop with legacy), you really should use ECDHE.

Re: [openssl-dev] A question DH parameter generation and usage

2017-12-05 Thread Paul Yang
For DHE_RSA, you first need a pair of RSA certificate/key for signing. And if you want to use specific DH parameters, you can use the SSL_CTX_set_tmp_dh API; there is documentation describing how to use this function. DH parameter could be generated by OpenSSL in many ways, one of the common way

[openssl-dev] A question DH parameter generation and usage

2017-12-05 Thread Jayalakshmi bhat
Hi, We are planning to use DHE_RSA TLS ciphers in our product. I have a few questions on using DH parameters. We would like to use DH-2048. Our product includes both TLS client and server applications. Thus at any time there will be a considerable number of active connections. I believe we can use sa