mod_ssl and ephemeral keying

mod_ssl and ephemeral keying

am 29.03.2010 17:58:20 von thomas

Hello,
regarding http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
there seem to be different ways to enable ephemeral keying by using
SSLCipherSuite in the mod_ssl config.

If I specify kEDH for the kex algorithm, does it mean that the key
exchange is not integrity protected by using RSA/DSA (b/c the
description states "no cert.")?

So, if I want ephemeral keying with integrity protection, do I have
to use:
a.) SSLCipherSuite kDHr:kDHd:...
or
b.) SSLCipherSuite kEDH:EDH
or something else?


Thanks for your help.

Thomas



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org