[gnutls-devel] cipher suites

James Cloos cloos at jhcloos.com
Sun Oct 13 19:20:42 CEST 2013


>>>>> "SB" == Stefan Bühler <stbuehler at lighttpd.net> writes:
>>>>> "NM" == Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

NM> No-one uses static DH keys. I don't think anyone ever did. The data
NM> from the SSL observatory show 0 certificates using static DH keys on
NM> the Internet. This is the reason we never supported them.

SB>> ECDH_ECDSA and ECDH_RSA key exchange:

NM> The same as static DH keys.

The 'net != the web. :)

OpenSSL and NSS both support ECDSA pairs.

Postfix has included support for ecdsa key/cert pairs for some time now,
in parallel with rsa and dsa.  I'm sure it is not alone.

MTAs and MUAs, at least, would have something with which to communicate.

I expect, as DANE takes off, ecc will get more use.

-JimC
-- 
James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6


