[openssl-users] How to enforce DH field size in the client?
ramahmoo
rashid_m180 at yahoo.com
Thu Oct 8 08:10:09 UTC 2015
>>This should be possible via configuration, not just explicit API
>>calls from applications that go to the extra trouble.
How is it possible via configuration?
I have seen that in s3_clnt.c, OpenSSL checks the server DH prime size against a
hardcoded value:

    if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
               SSL_R_DH_KEY_TOO_SMALL);
        goto f_err;
    }

Why is it not possible to initialize the compared constant key size via some
public method?
--
View this message in context: http://openssl.6102.n7.nabble.com/How-to-enforce-DH-field-size-in-the-client-tp60442p60480.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
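
An added example, not part of the original message and not OpenSSL code: the same kind of DH prime size check as the s3_clnt.c snippet above, but with the minimum passed in by the caller instead of hardcoded. It walks the TLS ServerDHParams structure (dh_p, dh_g, dh_Ys, each with a 2-byte length prefix); the function names, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { DH_OK = 0, DH_MALFORMED = -1, DH_TOO_SMALL = -2 }; /* hypothetical names */

/* Bit length of a big-endian integer, ignoring leading zero bytes. */
static size_t be_num_bits(const uint8_t *p, size_t len)
{
    while (len > 0 && *p == 0) { p++; len--; }
    if (len == 0) return 0;
    size_t bits = len * 8;
    for (uint8_t top = *p; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Walk dh_p, dh_g, dh_Ys; reject malformed input or a prime below min_bits. */
int check_dh_params(const uint8_t *msg, size_t len, size_t min_bits, size_t *p_bits)
{
    for (int field = 0; field < 3; field++) {
        if (len < 2) return DH_MALFORMED;
        size_t n = ((size_t)msg[0] << 8) | msg[1];
        msg += 2; len -= 2;
        if (n == 0 || n > len) return DH_MALFORMED;
        if (field == 0) *p_bits = be_num_bits(msg, n);  /* dh_p is the first field */
        msg += n; len -= n;
    }
    return *p_bits < min_bits ? DH_TOO_SMALL : DH_OK;
}

/* Constructed sample: p = p_len bytes of 0xFF (not a real prime), g = 2, dummy Ys. */
size_t build_sample(uint8_t *out, size_t p_len)
{
    size_t o = 0;
    for (int pass = 0; pass < 2; pass++) {
        out[o++] = (uint8_t)(p_len >> 8); out[o++] = (uint8_t)p_len;
        for (size_t i = 0; i < p_len; i++) out[o++] = pass ? 0x01 : 0xFF;
        if (pass == 0) { out[o++] = 0; out[o++] = 1; out[o++] = 2; }
    }
    return o;
}

int main(void)
{
    uint8_t buf[1024];
    size_t bits = 0, n = build_sample(buf, 96);   /* 768-bit p */
    int rc = check_dh_params(buf, n, 2048, &bits);
    printf("p is %zu bits, rc=%d\n", bits, rc);
    return 0;
}
```

The size is measured after stripping leading zero bytes, so a prime padded to look longer is still judged by its real bit length.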