[openssl-users] OpenSSL 1.1.1 Support for DH Ciphers?
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Jan 29 19:42:48 UTC 2019
> On Jan 29, 2019, at 2:23 PM, Rich Fought <rmf.aero at gmail.com> wrote:
>
> The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers are supported:
>
> TLS1.0:
> DH-RSA-AES128-SHA
> DH-RSA-AES256-SHA
The static DH and ECDH ciphers have been removed.
> TLS1.2:
> DH-RSA-AES128-SHA256
> DH-RSA-AES256-SHA256
> DH-RSA-AES128-GCM-SHA256
> DH-RSA-AES256-GCM-SHA256
>
> However, I am unable to see them with openssl ciphers command
>
> > openssl ciphers -v -s DH
>
> All I see are DHE ciphers. DH is needed for compatibility with legacy servers.
They are NOT needed for compatibility with legacy servers.
> Are these only enabled via a compile time option? Or is the documentation incorrect?
The documentation is likely out of date.
--
Viktor.
More information about the openssl-users
mailing list