[openssl-users] OpenSSL 1.1.1 Support for DH Ciphers?

Viktor Dukhovni openssl-users at dukhovni.org
Tue Jan 29 19:42:48 UTC 2019

> On Jan 29, 2019, at 2:23 PM, Rich Fought <rmf.aero at gmail.com> wrote:
> The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers are supported:
> TLS1.0:

The static DH and ECDH ciphers have been removed.

> TLS1.2:
> DH-RSA-AES128-SHA256
> DH-RSA-AES256-SHA256
> However, I am unable to see them with openssl ciphers command
> > openssl ciphers -v -s DH
> All I see are DHE ciphers.  DH is needed for compatibility with legacy servers.

They are NOT needed for compatibility with legacy servers.

> Are these only enabled via a compile time option?  Or is the documentation incorrect?

The documentation is likely out of date.


More information about the openssl-users mailing list