
Looking at this file it seems Thrift doesn't include openssl functions for supporting Diffie-Hellman. https://github.com/apache/thrift/blob/master/lib/cpp/src/thrift/transport/TSSLSocket.cpp

Is it implemented somewhere else? Is there any special reason if it is not used on purpose?

Thanks in advance!

rodolk
  • That's a 1000 lines of code. What line or lines lead you to believe it doesn't support Diffie-Hellman ciphers? – President James K. Polk Feb 22 '18 at 13:15
  • @JamesKPolk First of all I don't see it includes . Then I don't see any of the Diffie-Hellman-related functions being called (like SSL_CTX_set_tmp_dh, SSL_set_tmp_dh, SSL_set_tmp_dh_callback, for example). Also I don't see functions related to elliptic curve like EC_KEY_new_by_curve_name but that's not the main point of my question. – rodolk Feb 22 '18 at 21:25
  • None of those calls are needed to support the DHE or ECDHE ciphersuites. – President James K. Polk Feb 23 '18 at 01:36
  • @JamesKPolk Aha? You say they aren't necessary? Do you actually know how to use those ciphersuites? Do you have an example? Do you know what they are used here for: https://github.com/openssl/openssl/blob/master/apps/s_server.c ? – rodolk Feb 23 '18 at 04:45
  • They are not needed on the *client side* of the connection. – President James K. Polk Feb 23 '18 at 12:56
  • @JamesKPolk it seems you have some knowledge about this. However, your comments are misleading and don't help a lot. Maybe they are too concise. These functions are needed for the server, but it is also very important to have specific dh functions in the client. There are specific dh functions required for using Diffie-Hellman in openssl. I hope you understand the code in that file doesn't include the proper functions. – rodolk Feb 23 '18 at 15:38
  • I'm not going to argue with you. You are free to write a simple client using the code and connect to a server and see for yourself what ciphersuites are offered and selected. Also, openssl is both a crypto library and an SSL/TLS library. Are you interested in vanilla Diffie-Hellman (crypto library) or Diffie-Hellman ciphersuites? Also, are you aware of the differences between Diffie-Hellman ephemeral (DHE and ECDHE) ciphersuites and anonymous Diffie-Hellman ciphersuites, and are you aware of the different roles the client and server play in the negotiation of these ciphersuites? – President James K. Polk Feb 23 '18 at 17:43
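The experiment suggested in the last comment, as an added example that is not part of the original question or of Thrift: build a plain TLS client context with no DH parameters and no curve configuration (the client-side situation TSSLSocket is in), list the cipher suites it would offer in its ClientHello, and classify each by key exchange. Python's standard `ssl` module wraps OpenSSL, and `SSLContext.get_ciphers()` exposes the same `Kx=`/`Au=` description fields as `openssl ciphers -v`; the sample descriptions are constructed for the classifier.

```python
import re
import ssl
from typing import Optional

# Constructed sample descriptions in the "openssl ciphers -v" format, which is
# also what SSLContext.get_ciphers() returns under the "description" key.
SAMPLE_DESCRIPTIONS = [
    "TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD",
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD",
    "DHE-RSA-AES256-SHA TLSv1 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1",
    "ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1",
    "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1",
]

_FIELD_RE = re.compile(r"\b(Kx|Au)=([A-Za-z0-9/]+)")


def classify(description: str) -> str:
    """Classify a suite by its key exchange (Kx) and authentication (Au) fields.

    'tls13'     TLS 1.3 suite: key exchange is always ephemeral (EC)DH.
    'ephemeral' DHE / ECDHE with an authenticated peer (forward secrecy).
    'anonymous' Diffie-Hellman with no peer authentication (Au=None).
    'static'    RSA key transport (no forward secrecy).
    'other'     anything else (PSK, SRP, ...).
    """
    fields = dict(_FIELD_RE.findall(description))
    kx, au = fields.get("Kx", "?"), fields.get("Au", "?")
    if kx == "any":
        return "tls13"
    if kx in ("ECDH", "DH"):
        return "anonymous" if au == "None" else "ephemeral"
    if kx == "RSA":
        return "static"
    return "other"


def offered_suites(ctx: Optional[ssl.SSLContext] = None) -> list:
    """(name, class) for each suite a client context would offer in its ClientHello."""
    if ctx is None:
        # A plain client context: no DH parameters, no curve selection, i.e.
        # nothing beyond what a minimal OpenSSL-based TLS client does.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return [(c["name"], classify(c["description"])) for c in ctx.get_ciphers()]


def offered_classes(ctx: Optional[ssl.SSLContext] = None) -> set:
    """The set of key-exchange classes the client is willing to negotiate."""
    return {cls for _, cls in offered_suites(ctx)}


if __name__ == "__main__":
    for name, cls in offered_suites():
        print(f"{cls:10} {name}")
```

The client offers ECDHE/DHE suites without any DH-specific setup; the DH parameters and curve choice belong to the server, which in the Python API means `SSLContext.load_dh_params()` and `set_ecdh_curve()` (on OpenSSL 1.1.0 and later, ECDHE works server-side with automatic curve selection even without the latter).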

0 Answers