<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 6/6/2018 12:11 PM, Sanjaya Joshi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANK1YioJFhDCexZKt+HuyUMBuv7Zwb8tePVXN3TAtDxkO81qNw@mail.gmail.com">
<div dir="ltr">I understood that when DHE ciphers are tried to be
used between two entities, it's only the server that plays a
role about selection of the DH parameters. This is not
negotiable with the client. For e.g., the server can freely use
a very low not-recommended DH group with 512 bit key length and
the client cannot deny it.</div>
</blockquote>
<br>
I'm pretty sure that clients can and do refuse to talk to servers
with small DH parameters.<br>
<br>
Current OpenSSL isn't willing to connect to a server using a DH key
size below 1024 bits.<br>
<br>
<a class="moz-txt-link-freetext" href="https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/">https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/</a><br>
<blockquote>To protect OpenSSL-based clients, we’re increasing the
minimum accepted DH key size to 768 bits immediately in the next
release, and to 1024 bits soon after. </blockquote>
<br>
<pre class="moz-signature" cols="72">--
Jordan Brown, Oracle Solaris</pre>
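<br>
Added example, not part of the original message and not OpenSSL's own code: a sketch of the client-side check discussed above, which parses the ServerDHParams structure of a TLS 1.2 ServerKeyExchange and refuses a prime below a minimum size. The names check_server_dh_params, DHParamsRejected and MIN_DH_BITS are hypothetical, and the sample inputs are constructed, not captured traffic.<br>
<pre>
```python
# ServerDHParams (RFC 5246, section 7.4.3): dh_p, dh_g, dh_Ys, each encoded as
# a 2-byte big-endian length followed by that many bytes.
import struct

MIN_DH_BITS = 1024  # the floor quoted in the thread; a policy value (assumption)


class DHParamsRejected(Exception):
    """The server's DH parameters are malformed or below policy."""


def _read_vector(buf, offset):
    """Read one length-prefixed vector; return (integer value, next offset)."""
    if offset + 2 > len(buf):
        raise DHParamsRejected("truncated length prefix")
    (length,) = struct.unpack_from("!H", buf, offset)
    start, end = offset + 2, offset + 2 + length
    if length == 0 or end > len(buf):
        raise DHParamsRejected("empty or truncated vector")
    return int.from_bytes(buf[start:end], "big"), end


def check_server_dh_params(body, min_bits=MIN_DH_BITS):
    """Return the prime's bit length, or raise DHParamsRejected."""
    p, off = _read_vector(body, 0)
    g, off = _read_vector(body, off)
    ys, off = _read_vector(body, off)
    bits = p.bit_length()  # counts real bits, so zero padding does not help
    if min_bits > bits:
        raise DHParamsRejected(f"DH prime is {bits} bits, minimum {min_bits}")
    # Degenerate generator or public value (0, 1, p-1, or out of range).
    if not (p - 1 > g > 1) or not (p - 1 > ys > 1):
        raise DHParamsRejected("generator or public value out of range")
    return bits  # primality of p is not tested in this sketch


def _encode(p, g, ys, pad=0):
    """Build a constructed ServerDHParams body; pad prepends zero bytes to dh_p."""
    out = b""
    for i, n in enumerate((p, g, ys)):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        raw = b"\x00" * pad + raw if i == 0 else raw
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed samples: numbers of the right size, not real safe primes.
WEAK = _encode(2 ** 511 + 111, 2, 12345)
PADDED_WEAK = _encode(2 ** 511 + 111, 2, 12345, pad=64)  # 512 bits in 128 bytes
OK = _encode(2 ** 2047 + 1235, 2, 12345)
```
</pre>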
</body>
</html>