> On Jan 12, 2018, at 1:57 AM, Bharathi Prasad <barati.j.prasad@xxxxxxxxx> wrote: > > Let me rephrase my question. > > How to support fixed Diffie Hellman key agreement in my application. > > OpenSSL 1.0.2 supports fixed DH. > We are currently referring to TLS 1.2 standard and hence need to extend > support for fixed DH and ephemeral DH. I was able to enable EDH but not DH. > > Could you please give me pointers on how to extend support for fixed DH in > my code. Once again, the best thing to do here is to NOT support fixed DH in TLS 1.2. These are not mandatory ciphersuites, and they proved in retrospect a bad idea. So just don't do it. You will encounter any interoperability issues by omitting support for these ciphersuites. Why do you feel a need to support fixed DH? -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
