Re: How to enable Fixed Diffie Hellman key exchange mechanism

> On Jan 11, 2018, at 4:35 AM, Bharathi Prasad <barati.j.prasad@xxxxxxxxx> wrote:
> 
> I want to use static Diffie Hellman key exchange with RSA authentication
> (DH_RSA) in my application.
> 
> I am currently using OpenSSL version 1.0.2n. I understand that from version
> 1.0.2 OpenSSL supports fixed DH.

Support for "fixed DH" ciphers has been withdrawn in OpenSSL 1.1.0.
Also TLS 1.3 drops support for "fixed DH".  You should not use
"fixed DH" ciphers (i.e. any of DH_RSA, DH_DSS, ECDH_ECDSA, ECDH_RSA).

RFC5246 says:

   If the client provided a "signature_algorithms" extension, then all
   certificates provided by the server MUST be signed by a
   hash/signature algorithm pair that appears in that extension.  Note
   that this implies that a certificate containing a key for one
   signature algorithm MAY be signed using a different signature
   algorithm (for instance, an RSA key signed with a DSA key).  This is
   a departure from TLS 1.1, which required that the algorithms be the
   same.  Note that this also implies that the DH_DSS, DH_RSA,
   ECDH_ECDSA, and ECDH_RSA key exchange algorithms do not restrict the
   algorithm used to sign the certificate.  Fixed DH certificates MAY be
   signed with any hash/signature algorithm pair appearing in the
   extension.  The names DH_DSS, DH_RSA, ECDH_ECDSA, and ECDH_RSA are
   historical.

So "RSA authentication" is a misnomer with "fixed DH"; the certificate
is a DH or ECDH certificate.  Both authentication and key exchange
are via the same DH or ECDH computation.

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
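
Added example (not part of the original message and not OpenSSL project code): a shell audit that flags the "fixed DH" suites named above (DH_RSA, DH_DSS, ECDH_ECDSA, ECDH_RSA) in `openssl ciphers -v` style output, so they can be removed from a cipher string. It assumes the `Kx=` column layout printed by OpenSSL 1.0.2; the sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag "fixed DH" suites in `openssl ciphers -v` style output.
# Assumption: the Kx= column follows the OpenSSL 1.0.2 layout, where fixed
# (EC)DH suites read Kx=DH/RSA, Kx=DH/DSS, Kx=ECDH/RSA or Kx=ECDH/ECDSA,
# while ephemeral and anonymous suites read plain Kx=DH or Kx=ECDH.

# Constructed sample listing (not captured from a real host).
sample_ciphers() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA          SSLv3   Kx=DH         Au=RSA  Enc=AES(256)    Mac=SHA1
DH-RSA-AES256-SHA           SSLv3   Kx=DH/RSA     Au=DH   Enc=AES(256)    Mac=SHA1
DH-DSS-AES128-SHA256        TLSv1.2 Kx=DH/DSS     Au=DH   Enc=AES(128)    Mac=SHA256
ECDH-ECDSA-AES128-SHA       SSLv3   Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)    Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH/RSA   Au=ECDH Enc=AESGCM(256) Mac=AEAD
ADH-AES128-SHA              SSLv3   Kx=DH         Au=None Enc=AES(128)    Mac=SHA1
AES256-SHA                  SSLv3   Kx=RSA        Au=RSA  Enc=AES(256)    Mac=SHA1
EOF
}

# Print the name of every suite whose key exchange is fixed DH or fixed ECDH.
# The "/" after DH or ECDH is what separates fixed suites from DHE/ECDHE/anon.
fixed_dh_suites() {
    awk '{
        for (i = 2; i <= NF; i++)
            if ($i ~ /^Kx=(DH|ECDH)\//) { print $1; break }
    }'
}

# Return 1 (and report on stderr) if the listing on stdin has a fixed DH suite.
audit_cipher_list() {
    found=$(fixed_dh_suites)
    if [ -n "$found" ]; then
        # $found is left unquoted on purpose: one report line per suite name.
        printf 'fixed DH suite enabled: %s\n' $found >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed listing: prints the four fixed DH suites.
sample_ciphers | fixed_dh_suites
```

On a real host, pipe the output of `openssl ciphers -v` for the application's configured cipher string into `audit_cipher_list` instead of the sample.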


