[openssl-users] What key length is used for DHE by default ?

Matt Caswell matt at openssl.org
Fri May 22 10:17:21 UTC 2015

On 22/05/15 11:11, Nayna Jain wrote:
> Hi,
> With the latest logjam attack, as I was trying to verify if my server
> (lighttpd) accepts DHE_xxx  ciphers,  I saw that it accepted and I
> didn't do any configuration setting done for DH parameters explicitly.
> But I couldn't verify what is the key length did it use by default
> 512/1024/2048 ?
> Eg. the one it negotiated was DHE-RSA-AES128-SHA256  and for TLSv1.2
> protocol ?
> Will the key length be different for different protocols like
> SSLv3/TLSv1.0/TLSv1.1/TLSv1.2?  If yes , then what for each of them.

How that is configured depends on the application that is using OpenSSL.
A quick google search throws up this:


'Diffie-Hellman and Elliptic-Curve Diffie-Hellman parameters
Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols
will be supported in lighttpd 1.4.29. By default, Diffie-Hellman and
Elliptic-Curve Diffie-Hellman key agreement protocols use, respectively,
the 1024-bit MODP Group with 160-bit prime order subgroup from RFC 5114
and "prime256v1" (also known as "secp256r1") elliptic curve from RFC
4492. The Elliptic-Curve Diffie-Hellman key agreement protocol is
supported in OpenSSL from 0.9.8f version onwards. For maximum
interoperability, OpenSSL only supports the "named curves" from RFC 4492.

Using the ssl.dh-file and ssl.ec-curve configuration variables, you can
define your own set of Diffie-Hellman domain parameters. For example:

ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
ssl.ec-curve = "secp384r1"'


More information about the openssl-users mailing list