[gnutls-help] Couple of questions about gnutls lib usage.
Jonathan Roudiere
jonathan.roudiere at gmail.com
Mon Sep 23 10:17:49 CEST 2013
Hi Nikos,
>> - In case where I set a certificate and a key (through
>> gnutls_certificate_set_x509_key*)
>> in a credential struct there is a function/way to add certificates to
>> provide them with the first
>> certificate (to build chain) ?
>
> I don't quite understand the question. You mean if you provide an
> incomplete chain whether you can fill it in later? If that is the
> question, that isn't possible.
Yes, that's the question. ok ...
>> - With dh is a new key is generated for every new ssl session ? or
>> only once for the
>> current cred and parameter pair ? In this latter case can I
>> change/control this behavior ?
>
> A new key is generated on every session to maintain the perfect forward
> secrecy requirements. You cannot change that, but why would you want to
> do it differently? If performance is an issue then you could use
> specially crafted groups (as generated by certtool) that use a prime of
> a certain type that allows for keys of smaller size (and thus much
> faster exponentiation).
Ok, that's exactly the behavior I want, it was just to be sure.
> regards,
> Nikos
>
Thank you,
Regards,
Joe
More information about the Gnutls-help
mailing list