[openssl-users] Working with large DH parameters
Jeffrey Walton
noloader at gmail.com
Sat May 16 23:43:51 UTC 2015
On Sat, May 16, 2015 at 7:29 PM, Benny Baumann <BenBE at geshi.org> wrote:
>>>> There is a limit of 10000: #define OPENSSL_DH_MAX_MODULUS_BITS
>>>> 10000
> I suggested replacing this compile time constant by a SSL_CTX option,
> but due to the lack of configuring this without having to change all
> programs there's no patch for this yet...
>
A related issue is there are no more bits available in the options.
SSL_OP_SAFARI_ECDHE_ECDSA_BUG re-purposed an exiting bit.
Jeff
More information about the openssl-users
mailing list