Re: [TLS] Key exchange with DH_RSA
Ali Fessi <ali.fessi@xxxxxxxxxxxxxxxx> writes:
> Hi all,
>
> The TLS specification says (RFC4346 - Section 7.4.3. "Server Key
> Exchange Message")
>
> "It is not legal to send the server key exchange message for the
> following key exchange methods:
>
> RSA
> DH_DSS
> DH_RSA"
>
> But in case of *DH_RSA*, how can the DH exchange be completed if the
> client does not receive any DH value from the server in the "Server
> Key Exchange Message", nor does the certificate in the "Server
> Certificate" message include any helpful information to complete the
> DH exchange (since the public key of the certificate is an RSA public
> key)?
>
> In other words: how can a *non-ephemeral* DH be achieved, if the
> server's certificate key type is RSA?

DH_RSA and DH_DSS mean "a static DH cert signed with RSA/DSS"

-Ekr
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
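
Added example, not part of the original thread or of any TLS implementation: a toy Python model of the server's handshake flight, showing where the client gets the server's DH value under DH_RSA (the certificate's public key) versus DHE_RSA (a signed ServerKeyExchange). The group, the dictionary field names and the `Server`, `client_key_exchange` and `handshake` names are constructed for illustration; no X.509 parsing or signing is performed.

```python
import secrets

# Constructed toy group, far too small for real use: P = 2^127 - 1 (prime), G = 3.
P, G = 2**127 - 1, 3

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return x, pow(G, x, P)

class Server:
    def __init__(self, kx):
        if kx not in ("DH_RSA", "DHE_RSA"):
            raise ValueError("unsupported key exchange: " + kx)
        self.kx = kx
        if kx == "DH_RSA":
            # Static DH: long-term key pair, public half certified by an RSA-signing CA.
            self.x, y = dh_keypair()
            self.cert = {"key": {"alg": "dh", "p": P, "g": G, "y": y}, "ca_sig": "rsa"}
        else:
            # DHE_RSA: the certificate holds an RSA signing key, no DH value.
            self.cert = {"key": {"alg": "rsa"}, "ca_sig": "rsa"}

    def flight(self):
        msgs = [("Certificate", self.cert)]
        if self.kx == "DHE_RSA":
            self.x, y = dh_keypair()          # fresh DH key for this handshake
            msgs.append(("ServerKeyExchange", {"p": P, "g": G, "y": y, "sig": "rsa"}))
        return msgs + [("ServerHelloDone", None)]

    def premaster(self, client_y):
        return pow(client_y, self.x, P)

def client_key_exchange(kx, msgs):
    m = dict(msgs)
    if kx == "DH_RSA":
        if "ServerKeyExchange" in m:
            raise ValueError("ServerKeyExchange is not legal for DH_RSA")
        params = m["Certificate"]["key"]      # DH value comes from the certificate
        if params["alg"] != "dh":
            raise ValueError("DH_RSA requires a DH public key in the certificate")
    else:
        params = m["ServerKeyExchange"]       # DH value comes from the signed message
    x, y = dh_keypair()
    return y, pow(params["y"], x, params["p"])

def handshake(kx):
    server = Server(kx)
    msgs = server.flight()
    client_y, client_pms = client_key_exchange(kx, msgs)
    return [name for name, _ in msgs], client_pms == server.premaster(client_y)
```

`handshake("DH_RSA")` completes the exchange with only Certificate and ServerHelloDone in the server flight, while a DH_RSA client handed an RSA-keyed certificate fails closed.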