generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH

Browse Source 
see RT #3203

Future versions of OpenSSL use the canonical terms "ECDHE" and "DHE"
as configuration strings and compilation constants.  This patch
introduces aliases so that the stable 1.0.2 branch can be
forward-compatible with code and configuration scripts that use the
normalized terms, while avoiding changing any library output for
stable users.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Daniel Kahn Gillmor
2014-05-12 14:17:22 -04:00
committed by Kurt Roeckx
parent 1e10aee2a7
commit 0ec6898c67
11 changed files with 66 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
View File

@@ -70,7 +70,7 @@ the TLS standard, when the RSA key can be used for signing only, that is
for export ciphers. Using ephemeral RSA key exchange for other purposes
violates the standard and can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral RSA key
exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).