mod_ssl and ephemeral keying

mod_ssl and ephemeral keying

am 29.03.2010 17:58:20 von thomas

there seem to be different ways to enable ephemeral keying by using
SSLCipherSuite in the mod_ssl config.

If I specify kEDH for the kex algorithm, does it mean that the key
exchange is not integrity protected by using RSA/DSA (b/c the
description states "no cert.")?

So, if I want ephemeral keying with integrity protection, do I have
to use:
a.) SSLCipherSuite kDHr:kDHd:...
b.) SSLCipherSuite kEDH:EDH
or something else?

Thanks for your help.


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl)
User Support Mailing List
Automated List Manager