Topic: TLSv1.2 with #define NO_DH

Hi,

I am using wolfSSL ver 3.1.3 and wolfMQTT 1.1.0 with TLSv1.2 on Microchip.

Can TLS1.2 run with #define NO_DH being used?

Thanks,

Gil

Re: TLSv1.2 with #define NO_DH

Hi Gil,

Yes, you can disable DH if you are using ECC or a static cipher suite.

Thanks,
David Garske, wolfSSL

Re: TLSv1.2 with #define NO_DH

Hi,
What is the application-level difference between using DH and ECC? What is the effect of disabling DH? And in which file should we do #define NO_DH?

Re: TLSv1.2 with #define NO_DH

Hi rahila_shams,

The difference between DH and ECC is the asymmetric algorithm used for securely deriving a shared secret. If DH is disabled, only ECDH(E) cipher suites are available.

For setting the build option I recommend using our user_settings.h and WOLFSSL_USER_SETTINGS to define NO_DH. See our first FAQ item here: https://www.wolfssl.com/docs/frequently … r_wolfSSL?

Thanks,
David Garske, wolfSSL
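
An added example, not code from this thread or from wolfSSL: a check of which entries in a configured cipher list remain usable once NO_DH is set as it would be in user_settings.h. It assumes suites are classified only by their OpenSSL-style name prefix (DHE-, EDH- and ADH- meaning finite-field DH); `usable_suites`, `DH_COMPILED_OUT` and the sample list are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* As it would appear in user_settings.h (used when the build defines
 * WOLFSSL_USER_SETTINGS). Comment it out to compare results. */
#define NO_DH
#ifdef NO_DH
#define DH_COMPILED_OUT 1
#else
#define DH_COMPILED_OUT 0
#endif

/* 1 if the name's prefix indicates finite-field DH (assumption: OpenSSL-style names). */
static int suite_needs_dh(const char *s, size_t n)
{
    return n >= 4 && (!strncmp(s, "DHE-", 4) || !strncmp(s, "EDH-", 4) ||
                      !strncmp(s, "ADH-", 4));
}

/* Copies the suites of a colon-separated list that remain usable into out.
 * Returns the number kept, or -1 if out is too small. */
int usable_suites(const char *list, char *out, size_t outsz)
{
    int kept = 0;
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*list != '\0') {
        size_t len = strcspn(list, ":");
        if (len > 0 && !(DH_COMPILED_OUT && suite_needs_dh(list, len))) {
            if (used + len + 2 > outsz) return -1;  /* ':' + name + NUL */
            if (kept++ > 0) out[used++] = ':';
            memcpy(out + used, list, len);
            used += len;
            out[used] = '\0';
        }
        list += len;
        if (*list == ':') list++;
    }
    return kept;
}

int main(void)
{
    /* Constructed sample list, not from the thread. */
    const char *cfg = "DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA";
    char out[128];
    printf("%d usable: %s\n", usable_suites(cfg, out, sizeof(out)), out);
    return 0;
}
```

A return value of 0 means the configured list contains only DH suites, so a build with NO_DH would have nothing left to negotiate from that list.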
