[openssl-users] Openssl software failure for RSA 16K modulus

Erwann Abalea Erwann.Abalea at docusign.com
Thu Jul 21 10:31:03 UTC 2016

Largest accepted client key exchange message length seems to be set to 2048 bytes.
Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes of pure crypto payload, plus a few bytes of overhead).

OpenSSL is too conservative here.

Erwann Abalea

Le 21 juil. 2016 à 10:32, Gupta, Saurabh <Saurabh.Gupta at cavium.com<mailto:Saurabh.Gupta at cavium.com>> a écrit :

This issue, I'm facing for openssl-1.0.2e/g/h version.

Run openssl server: Used 16K Certificate and Key
./openssl s_server -cert sercert16384.pem -key server16384

Run openssl client:
./openssl s_client -connect <server_ip>:port_number -cipher AES128-SHA -tls1


139812135450280:error:1408E098:SSL routines:ssl3_get_message:excessive message size:s3_both.c:417:

This error is coming while using AES128-SHA as a cipher and tls1/1_1/1_2 protocols. It's working fine with ssl3 protocol.

1. This issue, I didn't face for the openssl-1.0.1p/e version.

Can you please confirm. is this known issue?
if it is the known issue. Can you please share that fix?

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160721/01d6d941/attachment-0001.html>

More information about the openssl-users mailing list