<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 6/6/2018 11:22 PM, Sanjaya Joshi
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CANK1YioZqre4R=64=xNe-GKLL2xju7JDp0PrR=kugdtu_fvVHQ@mail.gmail.com">
      <div dir="ltr"><span
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">>>Current
          OpenSSL isn't willing to connect to a server using a DH key
          size below 1024 bits.</span><br
style="font-size:12.8px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">
        <div>
          Yes, i have verified this. However, not sure, how my
          OpenSSL-based client can do this, as our requirement is that
          we must not use DH key size below 2048 bits.</div>
        <div><br>
        </div>
        <div>>>
          <span
style="text-decoration-style:initial;text-decoration-color:initial;font-size:12.8px;background-color:rgb(255,255,255);float:none;display:inline">I'm
            pretty sure that clients can and do refuse to talk to
            servers with small DH parameters.</span><br
style="text-decoration-style:initial;text-decoration-color:initial;font-size:12.8px;background-color:rgb(255,255,255)">
        </div>
        <div><span
style="text-decoration-style:initial;text-decoration-color:initial;font-size:12.8px;background-color:rgb(255,255,255);float:none;display:inline">Could
            you please provide some more clues how a client can do so ?</span></div>
      </div>
    </blockquote>
    <br>
    The 1024-bit DH limit is implemented in the OpenSSL client library. 
    I don't know if the calling application has any control or any
    visibility onto that decision.<br>
    <p>(But note: it's still the client that's making the decision, from
      the perspective of the TLS protocol.)</p>
    <p>A bit of searching later...</p>
    <p>It looks like the key test is here:</p>
    <p><a class="moz-txt-link-freetext" href="https://github.com/openssl/openssl/blob/e6e9170d6e28038768895e1af18e3aad8093bf4b/ssl/ssl_cert.c#L921">https://github.com/openssl/openssl/blob/e6e9170d6e28038768895e1af18e3aad8093bf4b/ssl/ssl_cert.c#L921</a></p>
    <blockquote>
      <pre>        /*
         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
         * anything goes.
         */
        if (op == SSL_SECOP_TMP_DH && bits < 80)
            return 0;
        return 1;
</pre>
    </blockquote>
    <p>and it looks like you can plug in your own function using
      SSL_set_security_callback.  I do not understand, however, how the
      80 relates to a 1024-bit limit.</p>
    <p>Here's the documentation:</p>
    <p><a class="moz-txt-link-freetext" href="https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_security_callback.html">https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_security_callback.html</a><br>
    </p>
    <pre class="moz-signature" cols="72">-- 
Jordan Brown, Oracle Solaris</pre>
  </body>
</html>