[openssl-users] DH parameters [was: Vulnerability >> logjam << downgrades TLS connections to 512 Bit]

Jeffrey Walton noloader at gmail.com
Fri May 22 17:37:12 UTC 2015

On Fri, May 22, 2015 at 5:20 AM, Walter H. <Walter.H at mathemainzel.info> wrote:
> Hello
> On 22.05.2015 08:30, Jeffrey Walton wrote:
>> Or are you talking about server certificates with fixed DH parameters?
> can you please tell me more about this?

They have a DH group called out by parameters (an not by name as in
the Gillmor draft). They also use a static key "A = g ^ a". The "A" is
the public key, and the public key is effectively fixed and presented
like an RSA key or a DSS key in the certificate.

They are being phased out or have been phased out. I don't use them,
so I don't really follow them.


More information about the openssl-users mailing list