Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

www.xxxcon, which comes first ob_start or session, wwwxxx/58/2010, xxxxdup, xxxxdup, mailx informatii, should producers of software-based services, such as atms, be held liable for economic injuries suffered when their systems fail?, mysql feiertage, bash netcat eof, 192.168.1.41:8000

Links

XODOX
Impressum

#1: mod_ssl and ephemeral keying

Posted on 2010-03-29 17:58:20 by thomas

Hello,
regarding http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
there seem to be different ways to enable ephemeral keying by using
SSLCipherSuite in the mod_ssl config.

If I specify kEDH for the kex algorithm, does it mean that the key
exchange is not integrity protected by using RSA/DSA (b/c the
description states "no cert.")?

So, if I want ephemeral keying with integrity protection, do I have
to use:
a.) SSLCipherSuite kDHr:kDHd:...
or
b.) SSLCipherSuite kEDH:EDH
or something else?


Thanks for your help.

Thomas



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message