[openssl-users] DH p parameter length

Andrey Ribalko andrey.ribalko at gmail.com
Tue Aug 29 05:02:17 UTC 2017


Hello everybody,

I'm trying to force openssl s_server to use a DH p parameter of 2048 bits
in length, but I can't find a way to do it.
I've noticed that the length of the p parameter depends on the chosen cipher.
For example, if I'm using DHE_PSK_WITH_AES_128_CBC_SHA256 the length of the p
parameter is 1024 bits,
but if I'm using DHE_PSK_WITH_AES_256_CBC_SHA384 the length is 3072 bits.

I've tried to generate a DH parameters PEM file with the following command:

openssl genpkey -genparam -algorithm DH -out /tmp/test_dh_params.pem -pkeyopt dh_paramgen_prime_len:2048

And to load the file into s_server with:

openssl s_server -state -trace -dhparam /tmp/test_dh_params.pem -accept 443 -psk 1a2b3c4d -nocert

But I'm getting an error:

Error with command: "-dhparam /tmp/test_dh_params.pem"

Is there an easy way to do what I'm trying to do?
Any help would be appreciated.

Best regards.