[openssl-users] [openssl-dev] A question DH parameter generation and usage

Jayalakshmi bhat bhat.jayalakshmi at gmail.com
Wed Dec 6 17:58:34 UTC 2017


Hi Michael,

Thanks for the very detailed answers. This will surely help me to investigate
further.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <
Michael.Wojcik at microfocus.com> wrote:

> > From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> > Behalf Of Salz, Rich via openssl-users
> > Sent: Wednesday, December 06, 2017 08:50
>
> > You can re-use the keys, but then you get no forward secrecy, and
> > sessions generated with one connection are
> > vulnerable to another.
>
> If you reuse keys, yes; but you still get PFS if you only reuse the same
> group and generate ephemeral keys (assuming sufficient group strength,
> where "sufficient" depends on the size of the group and its value to
> well-resourced attackers). I thought that was what the original poster was
> asking about.
>
> > Why are you using DH?  Unless you have compelling reasons (interop with
> > legacy), you really should use ECDHE.
>
> Interop would be the usual reason. And since supporting DHE properly is a
> small fixed cost (generate a group or pick one from RFC 7919, hard-code it,
> and set it in each SSL_CTX), you might as well do it, no?
>
> But I agree that the ECDHE suites are generally preferable when the client
> supports them. I know there's some NSA FUD around ECC since they pulled it
> from the Suite B recommendations in 2015.[1] I still think the published
> evidence supports using ECC, though. On the other hand, and per today's
> other thread on the subject, there may be legal concerns around the use of
> ECC.
>
>
> [1] Matt Green has a nice discussion of this, including a link to the
> great paper Koblitz and Menezes wrote about it, here:
> https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/
>
> --
> Michael Wojcik
> Distinguished Engineer, Micro Focus
>
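
An added example, not part of the thread or of OpenSSL: it rebuilds the RFC 7919 ffdhe2048 group from the formula published in that RFC and contrasts a server that reuses one DH key with one that reuses only the group and generates a fresh key per connection. The exchange is modelled with plain integers rather than the OpenSSL API, and all function names are hypothetical.

```python
import secrets

def e_scaled(bits, guard=64):
    """floor(e * 2**bits), summing 1/k! in fixed point with guard bits."""
    total, term, k = 0, 1 << (bits + guard), 0
    while term:
        total, k = total + term, k + 1
        term //= k
    return total >> guard

def ffdhe2048():
    """RFC 7919 ffdhe2048, rebuilt from its published formula; generator is 2."""
    return 2**2048 - 2**1984 + (e_scaled(1918) + 560316) * 2**64 - 1, 2

def looks_like_safe_prime(p):
    """Fermat sanity check (not a proof) that p and q = (p - 1) / 2 are prime."""
    return all(pow(a, n - 1, n) == 1 for n in (p, (p - 1) // 2) for a in (2, 3, 5))

def keypair(p, g):
    x = secrets.randbelow((p - 1) // 2 - 2) + 2   # private exponent in [2, q - 1]
    return x, pow(g, x, p)

def agree(p, priv, peer_pub):
    """Shared secret, after checking the peer value lies in the order-q subgroup."""
    if not 2 <= peer_pub <= p - 2 or pow(peer_pub, (p - 1) // 2, p) != 1:
        raise ValueError("invalid DH public value")
    return pow(peer_pub, priv, p)

def run_sessions(p, g, count, reuse_server_key):
    """Return (public values seen on the wire, secrets, server keys still held)."""
    static, wire, zs = keypair(p, g), [], []
    for _ in range(count):
        s_priv, s_pub = static if reuse_server_key else keypair(p, g)
        c_priv, c_pub = keypair(p, g)              # client key is always fresh
        z = agree(p, s_priv, c_pub)
        assert z == agree(p, c_priv, s_pub)        # both sides derive the same value
        wire.append((s_pub, c_pub))
        zs.append(z)
    # An ephemeral key is dropped after its handshake; a reused key stays in memory.
    return wire, zs, [static[0]] if reuse_server_key else []

def exposed_sessions(p, g, wire, retained):
    """Secrets that follow from recorded traffic plus keys the server still holds."""
    return [pow(c_pub, k, p) for s_pub, c_pub in wire
            for k in retained if pow(g, k, p) == s_pub]
```

With a reused server key, every recorded session is recoverable from the one retained exponent; with the same group and per-connection keys, nothing is retained and the list is empty.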