[Ach] OpenSSL Cipher Strings: kDHE/kECDHE

Peter Ulber pu at uni-konstanz.de
Mon Mar 9 17:20:09 CET 2015


Hi,

today we had a talk about mod_ssl and mod_tls. While discussing the matter, we took a look at the configuration tool offered by Mozilla:

https://mozilla.github.io/server-side-tls/ssl-config-generator/

Because I mainly use GnuTLS, I am not that familiar with OpenSSL Cipher Strings, so I want to ask if someone can explain the meaning of kEDH/kDHE and kEECDH/kECDHE. As far as I understand, one should not use ADH because of MITM attacks. But why would one use DHE/ECDHE with anonymous cipher suites? Is that not as vulnerable to MITM attacks as ADH/AECDH?

Here is what the manual and the wiki say:

https://wiki.openssl.org/index.php/Manual:Ciphers%281%29#CIPHER_STRINGS
https://wiki.openssl.org/index.php/Diffie_Hellman

but because there is no ADHE or AECDHE I'm not sure I understand the meaning of kDHE and kECDHE. Overall I find the notation of the cipher suites which OpenSSL is using very confusing ... compared to GnuTLS ;-)

Thanks and regards,
Peter

--
Peter Ulber --- KIM Basisdienste an der Universität Konstanz
V404 (Tel: +49 7531 88 2622) - Mail/XMPP: pu at uni-konstanz.de
https://www.rz.uni-konstanz.de/rechenzentrum/team/peterulber
S/MIME Fingerprint: E1353193E1BD5ED2F34759168686ABAEFF1F7B9D
