[openssl-users] Selection of DHE ciphers based on modulus size of DH

Jordan Brown openssl at jordan.maileater.net
Thu Jun 7 03:22:01 UTC 2018


On 6/6/2018 12:11 PM, Sanjaya Joshi wrote:
> I understood that when DHE ciphers are tried to be used between two
> entities, it's only the server that plays a role about selection of
> the DH parameters. This is not negotiable with the client. For e.g.,
> the server can freely use a very low not-recommended DH group with 512
> bit key length and the client cannot deny it.

I'm pretty sure that clients can and do refuse to talk to servers with
small DH parameters.

Current OpenSSL isn't willing to connect to a server using a DH key size
below 1024 bits.

https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

    To protect OpenSSL-based clients, we’re increasing the minimum
    accepted DH key size to 768 bits immediately in the next release,
    and to 1024 bits soon after. 


-- 
Jordan Brown, Oracle Solaris
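Since the minimum the thread describes is enforced on the client side against the modulus the server sends, an operator can apply the same size check to a DH parameter file before deploying it. The following is an added example, not code from the thread or from OpenSSL; it assumes the PKCS#3 DHParameter encoding (SEQUENCE of INTEGER p, INTEGER g) that `openssl dhparam` writes, and the sample moduli are constructed to have a given bit length only, not real DH groups.

```python
"""Check the modulus size of PKCS#3 DHParameter blobs against the 1024-bit minimum."""
import base64

MIN_DH_BITS = 1024  # minimum accepted by current OpenSSL clients, per the thread

def _read_tlv(buf, pos):
    """Decode one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def dh_modulus_bits(der):
    """Return the bit length of p from a DER-encoded DHParameter structure."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, p_bytes, _ = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p_bytes, "big", signed=True).bit_length()

def dh_params_acceptable(der, minimum=MIN_DH_BITS):
    """True if the modulus meets the minimum a client would accept."""
    return dh_modulus_bits(der) >= minimum

def pem_to_der(pem):
    """Strip the PEM armour written by `openssl dhparam` and decode the body."""
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))

# --- constructed sample encoder so the example runs offline ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(n):
    raw = n.to_bytes((n.bit_length() + 8) // 8, "big")  # leading 0x00 keeps it positive
    return b"\x02" + _der_len(len(raw)) + raw

def make_dh_params(p, g=2):
    inner = _der_int(p) + _der_int(g)
    return b"\x30" + _der_len(len(inner)) + inner

def make_dh_pem(p, g=2):
    b64 = base64.encodebytes(make_dh_params(p, g)).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

# Constructed moduli of the stated size (NOT real DH groups; they only exercise the check).
WEAK_P = (1 << 511) | 0x1234567      # 512-bit, the size from the quoted question
STRONG_P = (1 << 1023) | 0x1234567   # 1024-bit, the OpenSSL client minimum
```

For a real file, `dh_params_acceptable(pem_to_der(open("dhparam.pem").read()))` gives the same verdict the client's minimum-size check would.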
