[openssl-users] Openssl software failure for RSA 16K modulus

Salz, Rich rsalz at akamai.com
Thu Jul 21 12:15:15 UTC 2016


> Largest accepted client key exchange message length seems to be set to 2048 bytes. 
> Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes of pure crypto payload, plus a few bytes of overhead).

> OpenSSL is too conservative here.

Why not use an ECC key?

We have to make trade-offs.  Who uses a 16K RSA key?


More information about the openssl-users mailing list