1 Topic by Zeddi (edited by Zeddi 2014-03-11 01:26:27)

  • From: Germany
  • Registered: 2013-08-27
  • Posts: 24

Topic: [SOLVED] Using pre-generated DH parameters for TLS connection setup

I saw that the benchmark.c-file from wolfSSL embedded SSL contains a function for testing DH key generation/agreement (bench_dh).
For this test, pre-generated DH parameters from the file certs/dh2048.der are used.

I am now wondering, if I can speed up the setup of TLS connections with ECDH-ECDSA-AES256-SHA and ECDHE-ECDSA-AES256-SHA cipher suites using pre-generated DH parameters.

I searched the code a little, but I didn't find a place where pre-generated DH parameters are used other than the benchmark function.

Is it possible to somehow use a pre-generated DH parameters file for TLS connections or am I misunderstanding this topic?

Thanks!
- Daniel

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: [SOLVED] Using pre-generated DH parameters for TLS connection setup

Hi,

When using standard DH, pre-generated parameters can be loaded using one of the following functions from <wolfssl/ssl.h> with an SSL session (WOLFSSL) object:

int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, const unsigned char* g, int gSz);
int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* b, long sz, int format);
int wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);

Or with one of these, if loading into a SSL context (WOLFSSL_CTX):

int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, const unsigned char* g, int gSz);
int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* b, long sz, int format);
int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f, int format);

Note that we don't support loading pre-generated ECDH parameters, as wolfSSL currently only supports P-256, and parameters are automatically generated.

Best Regards,
Chris

https://www.wolfssl.com

chrisc's Website

Share