On 30.05.2018 19:12, Viktor Dukhovni wrote:
> So I would disable only kDH, but not DHE. Keep in mind that
> some remote systems will not support EECDH, and by disabling
> DHE, you get only kRSA, which is worse. So I think that
> '!DH' is unwise.

I respectfully disagree. The only practical disadvantage of kRSA is that it doesn't provide PFS. Losing PFS is bad, but it's not a huge price for ensuring secure key exchange. Actually, there aren't that many platforms nowadays that support kDHE and not kECDHE.

Best regards,
Mike
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users