[openssl-users] Diffie-Hellman Questions

Norm Green norm.green at gemtalksystems.com
Tue May 24 16:57:30 UTC 2016


I need some clarifications on the DH implementation in OpenSSL. 
Currently I'm using version 1.0.2h

1) The wiki says don't use ADH, presumably because ADH provides 
encryption but not authentication and is exposed to man in the middle 
attacks. Is that the only reason?

2) Are the same encryption keys used every time with ADH?

3) Is it possible to use ephemeral DH without using certificates?  I was 
not able to get that to work.

4) What is the best practice for establishing an anonymous encrypted 
channel using OpenSSL?

Norm Green



More information about the openssl-users mailing list