[gnutls-devel] cipher suites
James Cloos
cloos at jhcloos.com
Sun Oct 13 19:20:42 CEST 2013
>>>>> "SB" == Stefan Bühler <stbuehler at lighttpd.net> writes:
>>>>> "NM" == Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
NM> No-one uses static DH keys. I don't think anyone ever did. The data
NM> from the SSL observatory show 0 certificates using static DH keys on
NM> the Internet. This is the reason we never supported them.
SB>> ECDH_ECDSA and ECDH_RSA key exchange:
NM> The same as static DH keys.
The 'net != the web. :)
OpenSSL and NSS both support ECDSA pairs.
Postfix has included support for ecdsa key/cert pairs for some time now,
in parallel with rsa and dsa. I'm sure it is not alone.
MTAs and MUAs, at least, would have something with which to communicate.
I expect, as DANE takes off, ecc will get more use.
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 1024D/ED7DAEA6
More information about the Gnutls-devel
mailing list