[openssl-users] OpenSSL 1.1.1 Support for DH Ciphers?

Kurt Roeckx kurt at roeckx.be
Tue Jan 29 23:11:23 UTC 2019


On Tue, Jan 29, 2019 at 02:42:48PM -0500, Viktor Dukhovni wrote:
> > On Jan 29, 2019, at 2:23 PM, Rich Fought <rmf.aero at gmail.com> wrote:
> > 
> > The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers are supported:
> > 
> > TLS1.0:
> > DH-RSA-AES128-SHA
> > DH-RSA-AES256-SHA
> 
> The static DH and ECDH ciphers have been removed.
> 
> > TLS1.2:
> > DH-RSA-AES128-SHA256
> > DH-RSA-AES256-SHA256
> > DH-RSA-AES128-GCM-SHA256
> > DH-RSA-AES256-GCM-SHA256
> > 
> > However, I am unable to see them with openssl ciphers command
> > 
> > > openssl ciphers -v -s DH
> > 
> > All I see are DHE ciphers.  DH is needed for compatibility with legacy servers.
> 
> They are NOT needed for compatibility with legacy servers.

To clarify, the static DH has fixed DH parameters in the
certificate. Instead of generating the parameters on each
connection, it's fixed in the certificate. It's higly unlikely
that you have such certificates. They're very difficult to
actually generate. Other then some test certificates, I have never
seen any actual such certificate.

Even if you somehow managed to generate such certificate, both the
client and server would actually need to be set up to work with
static DH, and only static DH, which also seems unlikely. 


Kurt



More information about the openssl-users mailing list