1SSL_CTX_SET_TMP_DH_CALLBACK(3ossl)  OpenSSL SSL_CTX_SET_TMP_DH_CALLBACK(3ossl)
2
3
4

NAME

6       SSL_CTX_set_dh_auto, SSL_set_dh_auto, SSL_CTX_set0_tmp_dh_pkey,
7       SSL_set0_tmp_dh_pkey, SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh,
8       SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral
9       key exchange
10

SYNOPSIS

12        #include <openssl/ssl.h>
13
14        long SSL_CTX_set_dh_auto(SSL_CTX *ctx, int onoff);
15        long SSL_set_dh_auto(SSL *s, int onoff);
16        int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey);
17        int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey);
18
19       The following functions have been deprecated since OpenSSL 3.0, and can
20       be hidden entirely by defining OPENSSL_API_COMPAT with a suitable
21       version value, see openssl_user_macros(7):
22
23        void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
24                                         DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
25                                                                int keylength));
26        long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
27
28        void SSL_set_tmp_dh_callback(SSL *ctx,
29                                     DH *(*tmp_dh_callback)(SSL *ssl, int is_export,
30                                                            int keylength));
31        long SSL_set_tmp_dh(SSL *ssl, DH *dh);
32

DESCRIPTION

34       The functions described on this page are relevant for servers only.
35
36       Some ciphersuites may use ephemeral Diffie-Hellman (DH) key exchange.
37       In these cases, the session data is negotiated using the
38       ephemeral/temporary DH key and the key supplied and certified by the
39       certificate chain is only used for signing. Anonymous ciphers (without
40       a permanent server key) also use ephemeral DH keys.
41
42       Using ephemeral DH key exchange yields forward secrecy as the
43       connection can only be decrypted when the DH key is known. By
44       generating a temporary DH key inside the server application that is
45       lost when the application is left, it becomes impossible for an
46       attacker to decrypt past sessions, even if they get hold of the normal
47       (certified) key, as this key was only used for signing.
48
49       In order to perform a DH key exchange the server must use a DH group
50       (DH parameters) and generate a DH key. The server will always generate
51       a new DH key during the negotiation.
52
53       As generating DH parameters is extremely time consuming, an application
54       should not generate the parameters on the fly. DH parameters can be
55       reused, as the actual key is newly generated during the negotiation.
56
57       Typically applications should use well know DH parameters that have
58       built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and
59       SSL_set_dh_auto() configure OpenSSL to use the default built-in DH
60       parameters for the SSL_CTX and SSL objects respectively. Passing a
61       value of 1 in the onoff parameter switches the feature on, and passing
62       a value of 0 switches it off. The default setting is off.
63
64       If "auto" DH parameters are switched on then the parameters will be
65       selected to be consistent with the size of the key associated with the
66       server's certificate.  If there is no certificate (e.g. for PSK
67       ciphersuites), then it it will be consistent with the size of the
68       negotiated symmetric cipher key.
69
70       Applications may supply their own DH parameters instead of using the
71       built-in values. This approach is discouraged and applications should
72       in preference use the built-in parameter support described above.
73       Applications wishing to supply their own DH parameters should call
74       SSL_CTX_set0_tmp_dh_pkey() or SSL_set0_tmp_dh_pkey() to supply the
75       parameters for the SSL_CTX or SSL respectively. The parameters should
76       be supplied in the dhpkey argument as an EVP_PKEY containing DH
77       parameters. Ownership of the dhpkey value is passed to the SSL_CTX or
78       SSL object as a result of this call, and so the caller should not free
79       it if the function call is successful.
80
81       The deprecated macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do the
82       same thing as SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey()
83       except that the DH parameters are supplied in a DH object instead in
84       the dh argument, and ownership of the DH object is retained by the
85       application. Applications should use "auto" parameters instead, or call
86       SSL_CTX_set0_tmp_dh_pkey() or SSL_set0_tmp_dh_pkey() as appropriate.
87
88       An application may instead specify the DH parameters via a callback
89       function using the functions SSL_CTX_set_tmp_dh_callback() or
90       SSL_set_tmp_dh_callback() to set the callback for the SSL_CTX or SSL
91       object respectively. These functions are deprecated. Applications
92       should instead use "auto" parameters, or specify the parameters via
93       SSL_CTX_set0_tmp_dh_pkey() or SSL_set0_tmp_dh_pkey() as appropriate.
94
95       The callback will be invoked during a connection when DH parameters are
96       required. The SSL object for the current connection is supplied as an
97       argument. Previous versions of OpenSSL used the is_export and keylength
98       arguments to control parameter generation for export and non-export
99       cipher suites. Modern OpenSSL does not support export ciphersuites and
100       so these arguments are unused and can be ignored by the callback. The
101       callback should return the parameters to be used in a DH object.
102       Ownership of the DH object is retained by the application and should
103       later be freed.
104

RETURN VALUES

106       All of these functions/macros return 1 for success or 0 on error.
107

SEE ALSO

109       ssl(7), SSL_CTX_set_cipher_list(3), SSL_CTX_set_options(3),
110       openssl-ciphers(1), openssl-dhparam(1)
111
113       Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
114
115       Licensed under the Apache License 2.0 (the "License").  You may not use
116       this file except in compliance with the License.  You can obtain a copy
117       in the file LICENSE in the source distribution or at
118       <https://www.openssl.org/source/license.html>.
119
120
121
1223.1.1                             2023-08-31SSL_CTX_SET_TMP_DH_CALLBACK(3ossl)
Impressum