> On Jan 29, 2019, at 2:23 PM, Rich Fought <rmf.aero@xxxxxxxxx> wrote: > > The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers are supported: > > TLS1.0: > DH-RSA-AES128-SHA > DH-RSA-AES256-SHA The static DH and ECDH ciphers have been removed. > TLS1.2: > DH-RSA-AES128-SHA256 > DH-RSA-AES256-SHA256 > DH-RSA-AES128-GCM-SHA256 > DH-RSA-AES256-GCM-SHA256 > > However, I am unable to see them with openssl ciphers command > > > openssl ciphers -v -s DH > > All I see are DHE ciphers. DH is needed for compatibility with legacy servers. They are NOT needed for compatibility with legacy servers. > Are these only enabled via a compile time option? Or is the documentation incorrect? The documentation is likely out of date. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
