[openssl-dev] What key length is used for DHE by default ?
Nayna Jain
naynjain at in.ibm.com
Fri May 22 15:48:19 UTC 2015
Hi Hubert,
Thanks..
I tried the command you mentioned i.e.
openssl s_client -connect hostname:443 -cipher EDH </dev/null 2>/dev/null |
grep 'Server Temp Key'
But it didn't output anything.
Thanks & Regards,
Nayna Jain
From: Hubert Kario <hkario at redhat.com>
To: openssl-dev at openssl.org
Cc: Nayna Jain/India/IBM at IBMIN, OpenSSL Users List
<openssl-users at openssl.org>
Date: 05/22/2015 04:28 PM
Subject: Re: [openssl-dev] What key length is used for DHE by default ?
On Friday 22 May 2015 15:41:09 Nayna Jain wrote:
> Hi,
>
> With the latest logjam attack, as I was trying to verify if my server
> (lighttpd) accepts DHE_xxx ciphers, I saw that it accepted and I didn't
> do any configuration setting done for DH parameters explicitly.
There's no default in OpenSSL, applications need to set the DH parameters
themselves.
> But I couldn't verify what is the key length did it use by default
> 512/1024/2048 ?
openssl s_client -connect hostname:443 -cipher EDH </dev/null 2>/dev/null |
grep 'Server Temp Key'
> Will the key length be different for different protocols like
> SSLv3/TLSv1.0/TLSv1.1/TLSv1.2? If yes , then what for each of them.
no, it will be the same for all protocols
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
[attachment "signature.asc" deleted by Nayna Jain/India/IBM]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150522/63391f8d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150522/63391f8d/attachment.gif>
More information about the openssl-dev
mailing list