[openssl-users] How to enable Fixed Diffie Hellman key exchange mechanism
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Jan 11 15:33:58 UTC 2018
> On Jan 11, 2018, at 4:35 AM, Bharathi Prasad <barati.j.prasad at gmail.com> wrote:
>
> I want to use static Diffie Hellman key exchange with RSA authentication
> (DH_RSA) in my application.
>
> I am currently using OpenSSL version 1.0.2n. I understand that from version
> 1.0.2 openSSL supports fixed DH.
Support for "fixed DH" ciphers has been withdrawn in OpenSSL 1.1.0.
Also TLS 1.3 drops support for "fixed DH". You should not use
"fixed DH" ciphers (i.e. any of DH_RSA, DH_DSS, ECDH_ECDSA, ECDH_RSA).
RFC5246 says:
If the client provided a "signature_algorithms" extension, then all
certificates provided by the server MUST be signed by a
hash/signature algorithm pair that appears in that extension. Note
that this implies that a certificate containing a key for one
signature algorithm MAY be signed using a different signature
algorithm (for instance, an RSA key signed with a DSA key). This is
a departure from TLS 1.1, which required that the algorithms be the
same. Note that this also implies that the DH_DSS, DH_RSA,
ECDH_ECDSA, and ECDH_RSA key exchange algorithms do not restrict the
algorithm used to sign the certificate. Fixed DH certificates MAY be
signed with any hash/signature algorithm pair appearing in the
extension. The names DH_DSS, DH_RSA, ECDH_ECDSA, and ECDH_RSA are
historical.
So "RSA authentication" is a misnomer with "fixed DH", the certificate
is a DH or ECDH certificate. Both authentication and key exchange
are via the same DH or ECDH computation.
--
Viktor.
More information about the openssl-users
mailing list