<div dir="ltr"><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich <<a href="mailto:rsalz@akamai.com">rsalz@akamai.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_-5635838145277560104WordSection1">
<ul style="margin-top:0in" type="disc">
<li class="gmail-m_-5635838145277560104MsoListParagraph" style="margin-left:0in">Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port<u></u><u></u></li></ul>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">TLS 1.3 doesn’t have those groups.</p></div></div></div></blockquote><div>Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported.<br>enum {<br><br> /* Elliptic Curve Groups (ECDHE) */<br> secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),<br> x25519(0x001D), x448(0x001E),<br><br> /* Finite Field Groups (DHE) */<br> ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),<br> ffdhe6144(0x0103), ffdhe8192(0x0104),<br><br> /* Reserved Code Points */<br> ffdhe_private_use(0x01FC..0x01FF),<br> ecdhe_private_use(0xFE00..0xFEFF),<br> (0xFFFF)<br>} NamedGroup;</div><div><br></div><div>[1] <a href="https://tools.ietf.org/html/rfc8446#section-4.2.7">https://tools.ietf.org/html/rfc8446#section-4.2.7</a> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-US"><div class="gmail-m_-5635838145277560104WordSection1"><div>
</div>
</div>
</div>
</blockquote></div></div>