Fixed Diffie-Hellman: This is a Diffie-Hellman key exchange in which the server certificate contains General Diffie-Hellman parameters signed by a certification authority (CA). That is, the public key certificate contains the Diffie-Hellman public key settings. The client provides its Diffie-Hellman public key parameters either to the certificate, if client authentication is required or a message is exchanged in the keys. This method results in a fixed secret key between two peers based on a Diffie-Hellman calculation using a fixed public key.
Ephemeral Diffie-Hellman: This method is used to create ephemeral (temporary, one-time) secret keys. In this case, the Diffie-Hellman public keys are exchanged and signed using the sender's private RSA or DSS key. The receiver can use the appropriate public key to verify the signature. Certificates are used to authenticate public keys. This option appears to be the most reliable of the three Diffie-Hellman variants, because it leads to a temporary, authenticated key.
Anonymous Diffie-Hellman: The basic Diffie-Hellman algorithm is used, with no authentication. That is, each side sends its public Diffie-Hellman parameters to the other, without authentication. This approach is vulnerable to humans in the middle of an attack in which the attacker conducts anonymous Diffie-Hellman exchanges with both parties.