[openssl-users] Openssl software failure for RSA 16K modulus
Erwann Abalea
Erwann.Abalea at docusign.com
Thu Jul 21 10:31:03 UTC 2016
Largest accepted client key exchange message length seems to be set to 2048 bytes.
Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes of pure crypto payload, plus a few bytes of overhead).
OpenSSL is too conservative here.
Best regards,
Erwann Abalea
On 21 Jul 2016, at 10:32, Gupta, Saurabh <Saurabh.Gupta at cavium.com> wrote:
I'm facing this issue with the openssl-1.0.2e/g/h versions.
Run openssl server: Used 16K Certificate and Key
./openssl s_server -cert sercert16384.pem -key server16384
Run openssl client:
./openssl s_client -connect <server_ip>:port_number -cipher AES128-SHA -tls1
ERROR
139812135450280:error:1408E098:SSL routines:ssl3_get_message:excessive message size:s3_both.c:417:
This error occurs when using AES128-SHA as the cipher with the tls1/1_1/1_2 protocols. It works fine with the ssl3 protocol.
Note:
1. I didn't face this issue with the openssl-1.0.1p/e versions.
Can you please confirm: is this a known issue?
If it is a known issue, can you please share the fix?
Regards,
Saurabh
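The size arithmetic behind the reply above, as an added example (not part of the original thread and not OpenSSL code). It builds the RSA ClientKeyExchange handshake message with filler ciphertext and applies the 2048-byte limit quoted in the reply; the function names, and the assumption that a message is rejected only when its body is strictly longer than the limit, are this example's own.

```python
import struct

CLIENT_KEY_EXCHANGE = 0x10   # TLS/SSL handshake message type
MAX_CKE_BODY = 2048          # limit quoted in the reply above


def client_key_exchange(modulus_bits, protocol):
    """Build an RSA ClientKeyExchange handshake message.

    The ciphertext is constructed filler: only its length matters here.
    """
    # An RSA ciphertext is as long as the modulus (16384 bits -> 2048 bytes).
    ciphertext = b"\x00" * ((modulus_bits + 7) // 8)
    if protocol == "ssl3":
        # SSLv3 sends the encrypted pre-master secret with no length prefix.
        body = ciphertext
    else:
        # TLS 1.0 and later wrap it in an opaque<0..2^16-1> vector,
        # which adds a 2-byte length prefix.
        body = struct.pack("!H", len(ciphertext)) + ciphertext
    # Handshake header: 1-byte type followed by a 24-bit body length.
    header = bytes([CLIENT_KEY_EXCHANGE]) + len(body).to_bytes(3, "big")
    return header + body


def server_accepts(message, limit=MAX_CKE_BODY):
    """Receiver-side size check on the declared handshake body length.

    Assumption: the message is rejected only if the body exceeds the limit.
    """
    if message[0] != CLIENT_KEY_EXCHANGE:
        raise ValueError("not a ClientKeyExchange message")
    body_len = int.from_bytes(message[1:4], "big")
    return body_len, body_len <= limit


def survey(sizes=(2048, 4096, 8192, 16384), protocols=("ssl3", "tls1")):
    """Return (modulus_bits, protocol, body_len, accepted) for each combination."""
    rows = []
    for bits in sizes:
        for proto in protocols:
            body_len, ok = server_accepts(client_key_exchange(bits, proto))
            rows.append((bits, proto, body_len, ok))
    return rows


if __name__ == "__main__":
    for bits, proto, body_len, ok in survey():
        print(f"RSA-{bits:<5} {proto:<5} body={body_len:<5} "
              f"{'accepted' if ok else 'excessive message size'}")
```

Under these assumptions the 16K key is the only size that crosses the limit, and only with the TLS length prefix, which matches the report that ssl3 works while tls1/1_1/1_2 fail.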