[openssl-users] How to enforce DH field size in the client?
Jeffrey Walton
noloader at gmail.com
Mon Oct 5 15:55:36 UTC 2015
Hi Everyone,

Based on the docs for SSL_CTX_set_tmp_dh_callback(3), the callback is
supposed to be invoked for DH parameter selection. The docs also
avoid/fail to state it's a server-only feature, so it's not clear to me
if the client is able to use it.

It appears SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback
are not invoked at the client when the temporary public key is
selected, so there does not appear to be a way to query the field size
and fail the connection.

Are clients supposed to be informed of DH parameter selection via
SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback? Or is
there another method available?

At the client, how do we enforce minimum Diffie-Hellman field sizes?

Jeff