Re: OpenSSL 1.1.1 Support for DH Ciphers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 30/01/2019 00:11, Kurt Roeckx wrote:

On Tue, Jan 29, 2019 at 02:42:48PM -0500, Viktor Dukhovni wrote:

On Jan 29, 2019, at 2:23 PM, Rich Fought <rmf.aero@xxxxxxxxx> wrote:

The OpenSSL 1.1.1 ciphers manpage claims that some non-ephemeral DH ciphers are supported:

TLS1.0:
DH-RSA-AES128-SHA
DH-RSA-AES256-SHA

The static DH and ECDH ciphers have been removed.


TLS1.2:
DH-RSA-AES128-SHA256
DH-RSA-AES256-SHA256
DH-RSA-AES128-GCM-SHA256
DH-RSA-AES256-GCM-SHA256

However, I am unable to see them with openssl ciphers command


openssl ciphers -v -s DH

All I see are DHE ciphers.  DH is needed for compatibility with legacy servers.

They are NOT needed for compatibility with legacy servers.

To clarify, the static DH has fixed DH parameters in the
certificate. Instead of generating the parameters on each
connection, it's fixed in the certificate. It's higly unlikely
that you have such certificates. They're very difficult to
actually generate. Other then some test certificates, I have never
seen any actual such certificate.

Even if you somehow managed to generate such certificate, both the
client and server would actually need to be set up to work with
static DH, and only static DH, which also seems unlikely.


At least when not using client certificates, no special client
configuration is needed (other than a non-crippled SSL library).

Server sends the DH parameters from the certificate.  Client
generates a random ephemeral key (just like with the DHE suites),
server "signs" finished message with something derived from the
shared DH result, thus proving it has the private DH key to
correctly complete the DH exchange.

A few SSL/TLS messages may be differently formatted than for DHE,
that's all.  Of cause the static DH suites provide no forward
secrecy after a private key breach, but that's no different
from the basic RSA suites.

Public CAs no longer issue DH certificates, so these will not be
found in public services that rely on the browser/mail/OS
certificate trusts, but they may still exist in private trust
contexts not constrained by browser politics.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux