<div dir="ltr"><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich <<a href="mailto:rsalz@akamai.com">rsalz@akamai.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">





<div lang="EN-US">
<div class="gmail-m_-5635838145277560104WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="gmail-m_-5635838145277560104MsoListParagraph" style="margin-left:0in">Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port<u></u><u></u></li></ul>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">TLS 1.3 doesn’t have those groups.</p></div></div></div></blockquote><div>Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported.<br>enum {<br><br>    /* Elliptic Curve Groups (ECDHE) */<br>    secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),<br>    x25519(0x001D), x448(0x001E),<br><br>    /* Finite Field Groups (DHE) */<br>    ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),<br>    ffdhe6144(0x0103), ffdhe8192(0x0104),<br><br>    /* Reserved Code Points */<br>    ffdhe_private_use(0x01FC..0x01FF),<br>    ecdhe_private_use(0xFE00..0xFEFF),<br>    (0xFFFF)<br>} NamedGroup;</div><div><br></div><div>[1] <a href="https://tools.ietf.org/html/rfc8446#section-4.2.7">https://tools.ietf.org/html/rfc8446#section-4.2.7</a> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div class="gmail-m_-5635838145277560104WordSection1"><div>
</div>
</div>
</div>

</blockquote></div></div>