<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 6/6/2018 11:22 PM, Sanjaya Joshi
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANK1YioZqre4R=64=xNe-GKLL2xju7JDp0PrR=kugdtu_fvVHQ@mail.gmail.com">
<div dir="ltr"><span
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">>>Current
OpenSSL isn't willing to connect to a server using a DH key
size below 1024 bits.</span><br
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">
<div>
Yes, i have verified this. However, not sure, how my
OpenSSL-based client can do this, as our requirement is that
we must not use DH key size below 2048 bits.</div>
<div><br>
</div>
<div>>>
<span
style="text-decoration-style:initial;text-decoration-color:initial;font-size:12.8px;background-color:rgb(255,255,255);float:none;display:inline">I'm
pretty sure that clients can and do refuse to talk to
servers with small DH parameters.</span><br
style="text-decoration-style:initial;text-decoration-color:initial;font-size:12.8px;background-color:rgb(255,255,255)">
</div>
<div><span
style="text-decoration-style:initial;text-decoration-color:initial;font-size:12.8px;background-color:rgb(255,255,255);float:none;display:inline">Could
you please provide some more clues how a client can do so ?</span></div>
</div>
</blockquote>
<br>
The 1024-bit DH limit is implemented in the OpenSSL client library.
I don't know if the calling application has any control or any
visibility onto that decision.<br>
<p>(But note: it's still the client that's making the decision, from
the perspective of the TLS protocol.)</p>
<p>A bit of searching later...</p>
<p>It looks like the key test is here:</p>
<p><a class="moz-txt-link-freetext" href="https://github.com/openssl/openssl/blob/e6e9170d6e28038768895e1af18e3aad8093bf4b/ssl/ssl_cert.c#L921">https://github.com/openssl/openssl/blob/e6e9170d6e28038768895e1af18e3aad8093bf4b/ssl/ssl_cert.c#L921</a></p>
<blockquote>
<pre> /*
* No EDH keys weaker than 1024-bits even at level 0, otherwise,
* anything goes.
*/
if (op == SSL_SECOP_TMP_DH && bits < 80)
return 0;
return 1;
</pre>
</blockquote>
<p>and it looks like you can plug in your own function using
SSL_set_security_callback. I do not understand, however, how the
80 relates to a 1024-bit limit.</p>
<p>Here's the documentation:</p>
<p><a class="moz-txt-link-freetext" href="https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_security_callback.html">https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_security_callback.html</a><br>
</p>
<pre class="moz-signature" cols="72">--
Jordan Brown, Oracle Solaris</pre>
</body>
</html>