[openssl-users] Openssl software failure for RSA 16K modulus

[Salz, Rich]

> Largest accepted client key exchange message length seems to be set to 2048 bytes. 
> Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes of pure crypto payload, plus a few bytes of overhead).

> OpenSSL is too conservative here.

Why not use an ECC key?

We have to make trade-offs.  Who uses a 16K RSA key?