[Ach] OpenSSL Cipher Strings: kDHE/kECDHE

Peter Ulber pu at uni-konstanz.de
Mon Mar 9 17:20:09 CET 2015


Today we had a talk about mod_ssl and mod_tls. While discussing the matter we took a look at the configuration tool offered by Mozilla:


Because I mainly use GnuTLS I am not that familiar with OpenSSL Cipher Strings, so I want to ask if someone can explain the meaning of kEDH/kDHE and kEECDH/kECDHE. As far as I understand, one should not use ADH because of MITM attacks. But why would one use DHE/ECDHE with anonymous cipher suites? Is that not as vulnerable to MITM attacks as ADH/AECDH?

Here is what the manual and the wiki say:


but because there is no ADHE or AECDHE I'm not sure I understand the meaning of kDHE and kECDHE. Overall I find the notation of the cipher suites which OpenSSL is using very confusing ... compared to GnuTLS ;-)

Thanks and regards,

Peter Ulber --- KIM Basisdienste an der Universität Konstanz
V404 (Tel: +49 7531 88 2622) - Mail/XMPP: pu at uni-konstanz.de
S/MIME Fingerprint: E1353193E1BD5ED2F34759168686ABAEFF1F7B9D
