[openssl-dev] What key length is used for DHE by default ?

Hubert Kario hkario at redhat.com
Fri May 22 10:57:43 UTC 2015


On Friday 22 May 2015 15:41:09 Nayna Jain wrote:
> Hi,
> 
> With the latest Logjam attack, as I was trying to verify if my server
> (lighttpd) accepts DHE_xxx ciphers, I saw that it accepted and I didn't
> do any configuration setting for DH parameters explicitly.

There's no default in OpenSSL; applications need to set the DH parameters
themselves.
 
> But I couldn't verify what key length it used by default:
> 512/1024/2048?

openssl s_client -connect hostname:443 -cipher EDH </dev/null 2>/dev/null | grep 'Server Temp Key'

> Will the key length be different for different protocols like
> SSLv3/TLSv1.0/TLSv1.1/TLSv1.2? If yes, then what for each of them?

No, it will be the same for all protocols.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
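
An added example, not part of the original message: a small wrapper around the s_client check above that parses the 'Server Temp Key' line, grades the DH size, and repeats the probe per protocol version. The function names, the sample output and the 1024/2048-bit cut-offs (the commonly cited Logjam guidance) are assumptions of this example.

```shell
#!/bin/sh
# Added example; SAMPLE is constructed, not captured from a real server.
SAMPLE='---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---'

# Read s_client output on stdin, print "<type> <bits>" (e.g. "DH 1024").
# Prints nothing when no 'Server Temp Key' line is present (non-ephemeral
# suite, or an s_client build that does not report it).
temp_key() {
    sed -n 's/^Server Temp Key: \([A-Za-z0-9]*\),.* \([0-9][0-9]*\) bits.*$/\1 \2/p' |
        head -n 1
}

# Grade the ephemeral key seen on stdin. Thresholds are this example's
# assumption: below 1024 bits fails, below 2048 bits is weak.
dhe_verdict() {
    key=$(temp_key)
    kind=${key%% *}
    bits=${key##* }
    case "$kind" in
        "") echo "no-temp-key" ;;
        DH)
            if [ "$bits" -lt 1024 ]; then echo "FAIL $bits"
            elif [ "$bits" -lt 2048 ]; then echo "WEAK $bits"
            else echo "OK $bits"
            fi ;;
        *)  echo "not-dhe $kind" ;;
    esac
}

# Probe host:port once per protocol flag; the verdict should be identical
# on every line. Flags for protocols disabled in the local openssl build
# yield "no-temp-key".
probe() {
    for p in -tls1 -tls1_1 -tls1_2; do
        printf '%s: ' "$p"
        openssl s_client -connect "$1" "$p" -cipher EDH </dev/null 2>/dev/null |
            dhe_verdict
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | dhe_verdict
```

Run `probe hostname:443` against a server you operate; differing verdicts between protocol lines would point at the application setting DH parameters per context rather than once.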