< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index Next in Thread >

Re: [reSIProcate] TLS/WSS support for DH, ECDH and PFS added


Hi Daniel, about the Diffie-Hellman (DH) parameters file, does it is only one file for global ? For example, I have set more than one TLS transports for multiple domains but just need only one DH file, right ? And the DH file is a random content not relates to any domain ?

Thanks

On Thu, Sep 17, 2015 at 11:59 PM, Daniel Pocock <daniel@xxxxxxxxxx> wrote:


I've just added support for Diffie Hellman (DH and ECDH) on TLS transports.

This won't be backported to 1.9.x, it will be part of the 1.10.0 release.

It is briefly explained in repro.config, see TlsDHParamsFilename

If a client doesn't support DH or ECDH and if you have enabled cipher
suites without DH or ECDH then a connection is still possible.

If you change the list of cipher suites to only support DH or ECDH
ciphers, then it will only accept connections with peers capable of
using this.
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel