[openssl-users] [openssl-dev] A question DH parameter generation and usage
Jayalakshmi bhat
bhat.jayalakshmi at gmail.com
Wed Dec 6 18:04:53 UTC 2017
Hi Rich,
Thanks for the reply. We are planning to use DHE_RSA based ciphers.
Regards
Jaya
On Wed, Dec 6, 2017 at 7:20 PM, Salz, Rich via openssl-users <
openssl-users at openssl.org> wrote:
> You can re-use the keys, but then you get no forward secrecy, and sessions
> generated with one connection are vulnerable to another.
>
>
>
> Why are you using DH? Unless you have compelling reasons (interop with
> legacy), you really should use ECDHE.
>
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171206/340f71b9/attachment.html>
More information about the openssl-users
mailing list