[openssl-users] What key length is used for DHE by default ?

mancha mancha1 at zoho.com
Sun May 24 03:33:39 UTC 2015

On Fri, 22 May 2015 at 11:17:21AM +0100, Matt Caswell wrote:
> On 22/05/15 11:11, Nayna Jain wrote:
> > Hi,
> > 
> > With the latest logjam attack, as I was trying to verify if my
> > server (lighttpd) accepts DHE_xxx  ciphers,  I saw that it accepted
> > and I didn't do any configuration setting done for DH parameters
> > explicitly.
> > 
> > But I couldn't verify what is the key length did it use by default
> > 512/1024/2048 ?
> > 
> > Eg. the one it negotiated was DHE-RSA-AES128-SHA256  and for TLSv1.2
> > protocol ?
> > 
> > Will the key length be different for different protocols like
> > SSLv3/TLSv1.0/TLSv1.1/TLSv1.2?  If yes , then what for each of them.
> How that is configured depends on the application that is using
> OpenSSL. A quick google search throws up this:
> http://redmine.lighttpd.net/projects/1/wiki/docs_ssl
> 'Diffie-Hellman and Elliptic-Curve Diffie-Hellman parameters
> Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement
> protocols will be supported in lighttpd 1.4.29. By default,
> Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement
> protocols use, respectively, the 1024-bit MODP Group with 160-bit
> prime order subgroup from RFC 5114 and "prime256v1" (also known as
> "secp256r1") elliptic curve from RFC 4492. The Elliptic-Curve
> Diffie-Hellman key agreement protocol is supported in OpenSSL from
> 0.9.8f version onwards. For maximum interoperability, OpenSSL only
> supports the "named curves" from RFC 4492.
> Using the ssl.dh-file and ssl.ec-curve configuration variables, you
> can define your own set of Diffie-Hellman domain parameters. For
> example:
> ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
> ssl.ec-curve = "secp384r1"'

OpenSSL users might like to know you can use s_client to diagnose a
server's Diffie-Hellman profile. Starting with OpenSSL 1.0.2 you can do:

$ openssl s_client -connect www.example.com:443 -cipher "EDH" | grep
"Server Temp Key"

If you're testing a server that uses a small (weak) DH group the above
command might output something like:

Server Temp Key: DH, 512 bits

Note: If you're on OpenSSL 1.0.1 you'll need to apply my back port to
have this functionality:



P.S. That command also shows the elliptic curve name and bit size when
using ECDHE and the RSA modulus bit size when RSA is used for the
temporary key (as done by some export ciphers).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150524/2ce5a050/attachment.sig>

More information about the openssl-users mailing list