Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot, bind-address mysql multiple, sanibleone xxxx, ftp://192.168.100.100/, www.xxxcon

Links

XODOX
Impressum

#1: mod_ssl and ephemeral keying

Posted on 2010-03-29 17:58:20 by thomas

Hello,
regarding http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
there seem to be different ways to enable ephemeral keying by using
SSLCipherSuite in the mod_ssl config.

If I specify kEDH for the kex algorithm, does it mean that the key
exchange is not integrity protected by using RSA/DSA (b/c the
description states "no cert.")?

So, if I want ephemeral keying with integrity protection, do I have
to use:
a.) SSLCipherSuite kDHr:kDHd:...
or
b.) SSLCipherSuite kEDH:EDH
or something else?


Thanks for your help.

Thomas



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message