< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [reSIProcate] TLS/WSS support for DH, ECDH and PFS added

From: Karlsson <boost.regex@xxxxxxxxx>
Date: Mon, 21 Sep 2015 16:30:10 +0800

Hi Daniel, about the Diffie-Hellman (DH) parameters file, does it is only one file for global ? For example, I have set more than one TLS transports for multiple domains but just need only one DH file, right ? And the DH file is a random content not relates to any domain ?

Thanks

On Thu, Sep 17, 2015 at 11:59 PM, Daniel Pocock <daniel@xxxxxxxxxx> wrote:

I've just added support for Diffie Hellman (DH and ECDH) on TLS transports.

This won't be backported to 1.9.x, it will be part of the 1.10.0 release.

It is briefly explained in repro.config, see TlsDHParamsFilename

If a client doesn't support DH or ECDH and if you have enabled cipher
suites without DH or ECDH then a connection is still possible.

If you change the list of cipher suites to only support DH or ECDH
ciphers, then it will only accept connections with peers capable of
using this.
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel

Follow-Ups:
- Re: [reSIProcate] TLS/WSS support for DH, ECDH and PFS added
  - From: Daniel Pocock

References:
- [reSIProcate] TLS/WSS support for DH, ECDH and PFS added
  - From: Daniel Pocock

Prev by Date: Re: [reSIProcate] compiling nICEr
Next by Date: Re: [reSIProcate] TLS/WSS support for DH, ECDH and PFS added
Previous by thread: [reSIProcate] TLS/WSS support for DH, ECDH and PFS added
Next by thread: Re: [reSIProcate] TLS/WSS support for DH, ECDH and PFS added
Index(es):
- Date
- Thread