ECDHE is the E=Ephemeral version where you get a distinct DH key for
ECDH has a fixed DH key; one side of the handshake doesn't change from
one instance to the next.
ECDHE gives you forward secrecy; ECDH does not.
ECDHE is less efficient than ECDH; it requires more crypto operations.
They also differ in how the handshake gets authenticated. (ECDH is
sort of implicit and ECDHE explicit.)
Note that unless you explicitly tell it not to, OpenSSL will reuse DH
keys anyway in ECDHE for performance reasons. This may or may not be a
problem for you depending on how your application is being launched.
> I'm trying to make sense out of the various abbrevations used for the
> SSL cipher suites listed by openssl ciphers.
> I've googled, but found no explanation of what ECDHE is and how it
> compares to ECDH.
> I'm aware that ECDH stands for "elliptic curve diffie hellman key
> exchange" (and I'm also - cryptographically - aware what that means -
> perfect forward secrecy and such).
> What is ECDHE, is it "better" than just ECDH and what's the difference?
> Hanno Böck mail/jabber: [hidden email] > GPG: BBB51E42 http://www.hboeck.de/