When do I need to install dh parameters?
Sam Varshavchik
mrsam at courier-mta.com
Sun Oct 3 00:14:57 CEST 2010
Conceptually, I'm trying to understand when I need to install DH parameters
if I'm using RSA certificates, using gnutls_certificate_set_dh_params(). I
understand that DH parameters are required when using DH server certs, but
I've got a bunch of test code (an internal testsuite) that uses RSA certs,
with gnutls on both the client and server side, setting up TLS sessions in
various ways -- installing a certificate up front, on the server side, or
using a callback to return a certificate for a particular TLS session, etc.
I find that sometimes I can get through a handshake without loading DH
parameters, other times handshake fails unless I install them. As far as I
can see that's the only major difference between my code that works without
DH parameters, and the one that fails to handshake unless DH parameters are
installed. Am I on the right track, or are there also other situations?