• gilo
  • Member
  • Offline
  • Registered: 2015-09-29
  • Posts: 12

Topic: TLSv1.2 with #define NO_DH

Hi,

I am using wolfssl ver 3.1.3 and wolfMQTT 1.1.0 with TLSv1.2 on microchip.

Can TLS1.2 run with #define NO_DH being used?

Thanks,

Gil

Share

  • Registered: 2015-10-07
  • Posts: 430

Re: TLSv1.2 with #define NO_DH

Hi Gil,

Yes you can disable DH if you are using ECC or a static cipher suite.

Thanks,
David Garske, wolfSSL

Share

  • Registered: 2020-08-14
  • Posts: 1

Re: TLSv1.2 with #define NO_DH

Hi,
Whats is application level difference in using DH and ECC? What is the effect of disabling DH? and in which file should we do #define NO_DH?

Share

  • Registered: 2015-10-07
  • Posts: 430

Re: TLSv1.2 with #define NO_DH

Hi rahila_shams,

The difference between DH and ECC is the asymmetric algorithm used for securely deriving a shared secret. If DH is disabled only ECDH(E) cipher suites are available.

For setting the build option I recommend using our user_settings.h and WOLFSSL_USER_SETTINGS to define NO_DH. See our first FAQ item here: https://www.wolfssl.com/docs/frequently … r_wolfSSL?

Thanks,
David Garske, wolfSSL

Share