[openssl-users] openssl-101m server and openssl-101q client TLS1.2 failure

Matt Caswell matt at openssl.org
Wed Dec 23 16:04:22 UTC 2015

On 23/12/15 15:54, Jayadev Kumar wrote:
> routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3415:

Ah. The above line is the critical bit. This is as a result of the
logjam protections that were part of 1.0.1n. See:

1.0.1m s_server uses DH parameters that are too small by default. You
can generate new ones using:

$ openssl dhparam -out dhparam.pem 2048

Then start s_server using:

$ openssl s_server -msg -dhparam dhparam.pem

You should find that 1.0.1q client can interoperate with the above just


More information about the openssl-users mailing list