[openssl-users] OpenSSL 1.1.1 Support for DH Ciphers?
Rich Fought
rmf.aero at gmail.com
Tue Jan 29 19:23:42 UTC 2019
The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH
ciphers are supported:
TLS1.0:
DH-RSA-AES128-SHA
DH-RSA-AES256-SHA
TLS1.2:
DH-RSA-AES128-SHA256
DH-RSA-AES256-SHA256
DH-RSA-AES128-GCM-SHA256
DH-RSA-AES256-GCM-SHA256
However, I am unable to see them with openssl ciphers command
> openssl ciphers -v -s DH
All I see are DHE ciphers. DH is needed for compatibility with legacy
servers.
Are these only enabled via a compile time option? Or is the
documentation incorrect?
Regards,
Rich
More information about the openssl-users
mailing list