[openssl-users] Selection of DHE ciphers based on modulus size of DH
Jordan Brown
openssl at jordan.maileater.net
Thu Jun 7 15:02:40 UTC 2018
On 6/6/2018 11:22 PM, Sanjaya Joshi wrote:
> >>Current OpenSSL isn't willing to connect to a server using a DH key size
> below 1024 bits.
> Yes, I have verified this. However, I am not sure how my OpenSSL-based
> client can do this, as our requirement is that we must not use a DH key
> size below 2048 bits.
>
> >> I'm pretty sure that clients can and do refuse to talk to servers
> with small DH parameters.
> Could you please provide some more clues on how a client can do so?
The 1024-bit DH limit is implemented in the OpenSSL client library. I
don't know if the calling application has any control over or any visibility
into that decision.
(But note: it's still the client that's making the decision, from the
perspective of the TLS protocol.)
A bit of searching later...
It looks like the key test is here:
https://github.com/openssl/openssl/blob/e6e9170d6e28038768895e1af18e3aad8093bf4b/ssl/ssl_cert.c#L921
    /*
     * No EDH keys weaker than 1024-bits even at level 0, otherwise,
     * anything goes.
     */
    if (op == SSL_SECOP_TMP_DH && bits < 80)
        return 0;
    return 1;
and it looks like you can plug in your own function using
SSL_set_security_callback. I do not understand, however, how the 80
relates to a 1024-bit limit.
Here's the documentation:
https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_security_callback.html
--
Jordan Brown, Oracle Solaris
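Added example, not code from the original post or from OpenSSL itself, showing the mapping behind the 80 and a client-side security callback that refuses DH groups below 2048 bits. The `bits` argument OpenSSL passes to the callback for SSL_SECOP_TMP_DH is the group's security strength as computed by DH_security_bits() (80 for a 1024-bit modulus, 112 for 2048), not the modulus length, which is why `bits < 80` is the 1024-bit limit. The macro and function names (MIN_DH_MODULUS_BITS, dh_security_bits, accept_tmp_dh, strict_dh_security_cb, install_strict_dh_policy) are ours; the strength table mirrors OpenSSL's BN_security_bits(). The policy logic builds on its own; add -DUSE_OPENSSL -lssl -lcrypto (OpenSSL 1.1.0 or later) to wire it into the real callback.

```c
#include <stdio.h>

/* Example added to this thread, not code from the original post or from
 * OpenSSL. Build the policy part alone with
 *   cc -Wall example.c
 * or wire it into OpenSSL (1.1.0 or later) with
 *   cc -Wall -DUSE_OPENSSL example.c -lssl -lcrypto
 * All names below are ours, chosen for this illustration. */

/* Smallest DH modulus the client will accept (the requirement in the thread). */
#define MIN_DH_MODULUS_BITS 2048

/* The `bits` value passed to a security callback for SSL_SECOP_TMP_DH is
 * the security strength of the DH group (OpenSSL computes it with
 * DH_security_bits), not the modulus size. This mirrors that mapping, the
 * NIST SP 800-57 strength table: a 1024-bit modulus rates 80 bits, which
 * is what the default callback's `bits < 80` test refers to. */
int dh_security_bits(int modulus_bits)
{
    if (modulus_bits >= 15360) return 256;
    if (modulus_bits >= 7680)  return 192;
    if (modulus_bits >= 3072)  return 128;
    if (modulus_bits >= 2048)  return 112;
    if (modulus_bits >= 1024)  return 80;
    return 0;
}

/* Policy decision, kept free of OpenSSL types so it can be unit-tested:
 * accept the server's ephemeral DH group only if its strength is at least
 * that of a MIN_DH_MODULUS_BITS modulus. Returns 1 = accept, 0 = reject. */
int accept_tmp_dh(int security_bits)
{
    return security_bits >= dh_security_bits(MIN_DH_MODULUS_BITS);
}

#ifdef USE_OPENSSL
#include <openssl/ssl.h>

/* The callback OpenSSL had before ours (normally the library default), so
 * every decision we do not tighten keeps its existing behaviour. */
static int (*prev_security_cb)(const SSL *, const SSL_CTX *, int, int, int,
                               void *, void *);

/* Signature from SSL_set_security_callback(3). OpenSSL consults it for
 * ciphers, certificate keys, signature algorithms, protocol versions and
 * temporary DH parameters; `op` says which, `bits` is the security
 * strength of the object in question. Returning 0 rejects it. */
static int strict_dh_security_cb(const SSL *s, const SSL_CTX *ctx, int op,
                                 int bits, int nid, void *other, void *ex)
{
    if (op == SSL_SECOP_TMP_DH && !accept_tmp_dh(bits))
        return 0;                     /* e.g. 1024-bit DH arrives as bits == 80 */
    if (prev_security_cb != NULL)
        return prev_security_cb(s, ctx, op, bits, nid, other, ex);
    return 1;
}

/* Install on the client's SSL_CTX before creating SSL objects from it;
 * SSL_set_security_callback does the same for a single connection. */
void install_strict_dh_policy(SSL_CTX *ctx)
{
    prev_security_cb = SSL_CTX_get_security_callback(ctx);
    SSL_CTX_set_security_callback(ctx, strict_dh_security_cb);
}
#endif

int main(void)
{
    static const int sizes[] = { 512, 1024, 1536, 2048, 3072, 4096 };
    size_t i;

    printf("modulus  security bits  accepted (min %d-bit)\n",
           MIN_DH_MODULUS_BITS);
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int sb = dh_security_bits(sizes[i]);
        printf("%6d   %3d            %s\n", sizes[i], sb,
               accept_tmp_dh(sb) ? "yes" : "no");
    }
    return 0;
}
```

Since the threshold here coincides with a built-in level, OpenSSL 1.1.0 and later also get the same effect without a callback: SSL_CTX_set_security_level(ctx, 2), or the cipher-string tag "@SECLEVEL=2", because level 2 demands at least 112 bits of security and therefore a DH modulus of at least 2048 bits. A custom callback is only needed when the policy differs from the built-in levels.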