[openssl-users] Diffie-Hellman Questions

Viktor Dukhovni openssl-users at dukhovni.org
Wed May 25 20:41:06 UTC 2016

On Tue, May 24, 2016 at 05:08:38PM +0000, Salz, Rich wrote:

> > 2) Are the same encryption keys used every time with ADH?
> Yes.  That's the other BIG reason :)  You really want ephemeral, and therefore ECDH

NO, Rich is making a mistake, ADH is ephemeral of necessity, since
without long-term keys in certificates it is impossible to use
long-term keys whose disclosure might later compromise confidentiality.

> > 3) Is it possible to use ephemeral DH without using certificates?  I was not
> > able to get that to work.
> Yes.  This is "null" auth.


    aNULL == (ADH || AECDH).


More information about the openssl-users mailing list