[openssl-users] [openssl-dev] A question DH parameter generation and usage
bhat.jayalakshmi at gmail.com
Wed Dec 6 17:58:34 UTC 2017
Thanks for very detailed answers. This will surely help me to investigate
On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Salz, Rich via openssl-users
> > Sent: Wednesday, December 06, 2017 08:50
> >
> > You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are
> > vulnerable to another.
>
> If you reuse keys, yes; but you still get PFS if you only reuse the same
> group and generate ephemeral keys (assuming sufficient group strength,
> where "sufficient" depends on the size of the group and its value to
> well-resourced attackers). I thought that was what the original poster was
> asking about.
>
> > Why are you using DH? Unless you have compelling reasons (interop with legacy), you really should use ECDHE.
>
> Interop would be the usual reason. And since supporting DHE properly is a
> small fixed cost (generate a group or pick one from RFC 7919, hard-code it,
> and set it in each SSL_CTX), you might as well do it, no?
>
> But I agree that the ECDHE suites are generally preferable when the client
> supports them. I know there's some NSA FUD around ECC since they pulled it
> from the Suite B recommendations in 2015. I still think the published
> evidence supports using ECC, though. On the other hand, and per today's
> other thread on the subject, there may be legal concerns around the use of
>
> Matt Green has a nice discussion of this, including a link to the
> great paper Koblitz and Menezes wrote about it, here: https://blog.
>
> Michael Wojcik
> Distinguished Engineer, Micro Focus
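Added example, not part of the original messages and not OpenSSL code: a small Python model of the distinction drawn in the thread, using one fixed RFC 7919 group (ffdhe2048) and comparing a server that reuses its DH key with one that generates an ephemeral key per connection. The function names are hypothetical, the modulus is rebuilt from the formula in RFC 7919 Appendix A.1, and no TLS is involved.

```python
import secrets

def ffdhe2048_prime():
    """Build the ffdhe2048 modulus from the formula in RFC 7919, Appendix A.1."""
    guard = 64                                # extra bits absorb truncation error
    scale = 1 << (1918 + guard)
    term, total, k = scale, 0, 0
    while term:                               # e = sum over k of 1/k!
        total += term
        k += 1
        term //= k
    e_bits = total >> guard                   # floor(2^1918 * e)
    return (1 << 2048) - (1 << 1984) + (e_bits + 560316) * (1 << 64) - 1

P = ffdhe2048_prime()                         # the hard-coded group, shared by all sessions
G = 2
Q = (P - 1) // 2                              # P is a safe prime: P = 2Q + 1

def keypair():
    x = secrets.randbelow(Q - 2) + 2          # private exponent in [2, Q-1]
    return x, pow(G, x, P)

def shared(own_private, peer_public):
    # Reject values outside the prime-order subgroup before using them.
    if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, P)

def run_sessions(n, reuse_server_key):
    """Return (session secrets, recorded client publics, key the server holds afterwards)."""
    server = keypair()
    session_secrets, recorded = [], []
    for _ in range(n):
        if not reuse_server_key:
            server = keypair()                # fresh key per connection, same group
        client_private, client_public = keypair()
        session_secrets.append(shared(client_private, server[0] and server[1]))
        recorded.append(client_public)        # what a passive observer captures
    if not reuse_server_key:
        server = keypair()                    # used keys were erased; only the next one exists
    return session_secrets, recorded, server[0]

def recoverable(n, reuse_server_key):
    """Count recorded sessions whose secret the later-leaked server key reproduces."""
    session_secrets, recorded, leaked = run_sessions(n, reuse_server_key)
    return sum(shared(leaked, cy) == s for cy, s in zip(recorded, session_secrets))
```

With a reused server key every recorded session is recoverable from the leaked key; with ephemeral keys on the same group none is.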