
Re: [TLS] TLS 1.1 and static DH



On Wed, Oct 25, 2006 at 01:28:53PM +0300, Pasi.Eronen@xxxxxxxxx wrote:
> pgut001@xxxxxxxxxxxxxxxxx wrote:

>> cryptlib definitely doesn't do static DH... in fact does anything?
>> Why would anyone do it at all, for that matter?

> Based on a quick look at the source code, at least OpenSSL, Mozilla
> NSS, and PureTLS appear to support static DH. 
> 
> But I don't know why they do it either (or whether that part of the
> code has actually ever been used or tested :-)

OpenSSL doesn't support static DH, actually.  There's anonymous and
non-anonymous ephemeral DH, there's static and ephemeral ECDH, but no
static DH with DH certificates.  (There's also some code that doesn't
totally neglect the possibility of having DH certificates, but this
doesn't mean it is actually used anywhere.)

Bodo


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls