[openssl-users] How to enable Fixed Diffie Hellman key exchange mechanism

Viktor Dukhovni openssl-users at dukhovni.org
Tue Jan 16 04:36:53 UTC 2018



> On Jan 15, 2018, at 11:14 PM, Bharathi Prasad <barati.j.prasad at gmail.com> wrote:
> 
> I am not in a position to explain the requirement. This is important and we
> need to provide the support. The system supports only DH and EDH.  So could
> you please help me and give me pointers on how to implement fixed DH
> support.

Are you sure the requirement is stated correctly?  EDH is incompatible with
fixed DH; with EDH you use RSA or ECDSA to authenticate the key exchange.

As for using DH keys, they should just work, but you need to load the certificate
before setting the private key, because the key type is ambiguous in the absence
of the certificate, as there's a distinction between SSL_PKEY_DH_RSA and
SSL_PKEY_DH_DSA that is resolved by the certificate type.

-- 
	Viktor.


