Matt Caswell matt at
Fri Feb 21 23:27:55 UTC 2020

On 21/02/2020 23:18, Kurt Roeckx wrote:
> On Fri, Feb 21, 2020 at 11:00:10PM +0000, Matt Caswell wrote:
>> dhparam itself has been deprecated. For that reason we are not
>> attempting to rewrite it to use non-deprecated APIs. The informed
>> decision we have made about DH_check use in dhparam is to not build the
>> whole application in a no-deprecated build:
>>   *) The command line utilities dhparam, dsa, gendsa and dsaparam have been
>>      deprecated.  Instead use the pkeyparam, pkey, genpkey and pkeyparam
>>      programs respectively.
>>      [Paul Dale]
> For some reason I seem to have missed various things.
> But I think deprecating tools like dhparam, dsaparam in favour of
> genpkey is something that we should reconsider.

What is your reasoning?

(I just realised that what the CHANGES entry says is that
dhparam/dsaparam are deprecated in favour of pkeyparam - but actually I
think the equivalent functionality is more split between genpkey and


More information about the openssl-project mailing list