Diffie-Hellman key agreement

System SSL supports Diffie-Hellman (DH) key agreement group parameters as defined in PKCS #3 (Diffie-Hellman Key Agreement Standard) and RFC 2631. The Diffie-Hellman key agreement parameters are the prime P, the base G, and, in non-FIPS mode, the optional subprime Q, and subgroup factor J.

Diffie-Hellman key pairs are the private value X and the public value Y. The private value X is less than Q-1 if Q is present in the key parameters, otherwise, the private value X is less than P-1.

Multiple Diffie-Hellman key agreement keys can share domain group parameters (P and G). In addition, the Diffie-Hellman key agreement algorithm requires both parties to use the same group parameters when computing the secret value. An SSL client generates temporary Diffie-Hellman values if the group parameters in the client certificate are not the same as the group parameters in the server certificate. DSA keys may also share domain group parameters as Diffie-Hellman keys.

DH keys:
  • Can be used only for end user certificates
  • Can only be signed using a certificate that contains either an RSA or a DSA key
  • Key size when in non-FIPS mode is between 512 and 2048 bits rounded up to a multiple of 64
  • Key size in FIPS mode of 2048 bits
  • Can only be used for connections where the cipher specification is a fixed Diffie-Hellman key exchange
  • When used in fixed Diffie-Hellman key exchange must allow key agreement.

Only an RSA or DSA client certificate can be used in an ephemeral Diffie-Hellman key exchange.