[openssl-users] Selection of DHE ciphers based on modulus size of DH
openssl at jordan.maileater.net
Thu Jun 7 15:02:40 UTC 2018
On 6/6/2018 11:22 PM, Sanjaya Joshi wrote:
> > Current OpenSSL isn't willing to connect to a server using a DH key size
> > below 1024 bits.
> Yes, I have verified this. However, not sure, how my OpenSSL-based
> client can do this, as our requirement is that we must not use DH key
> size below 2048 bits.
> > I'm pretty sure that clients can and do refuse to talk to servers
> > with small DH parameters.
> Could you please provide some more clues how a client can do so?
The 1024-bit DH limit is implemented in the OpenSSL client library. I
don't know if the calling application has any control or any visibility
onto that decision.
(But note: it's still the client that's making the decision, from the
perspective of the TLS protocol.)
A bit of searching later...
It looks like the key test is here:
        /*
         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
         * anything goes.
         */
        if (op == SSL_SECOP_TMP_DH && bits < 80)
and it looks like you can plug in your own function using
SSL_set_security_callback. I do not understand, however, how the 80
relates to a 1024-bit limit.
Here's the documentation:
Jordan Brown, Oracle Solaris
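An added, self-contained example (not code from OpenSSL or from anyone in this thread) modelling the decision behind that `bits < 80` test and the custom policy a client would plug in to refuse anything below 2048-bit DH. The `bits` value the security callback receives is a security-strength estimate, not the modulus length: OpenSSL rates a DH modulus with the same thresholds as BN_security_bits(), so 1024-bit DH is 80 bits, 2048-bit DH is 112 bits and 3072-bit DH is 128 bits, which is how 80 maps to the 1024-bit limit. The file compiles without OpenSSL; `DEMO_SECOP_TMP_DH` and the two-argument policy functions are stand-ins for the real `SSL_SECOP_TMP_DH` constant and for the seven-argument callback type that `SSL_CTX_set_security_callback()` takes in `<openssl/ssl.h>`.

```c
/*
 * Added example: a model of OpenSSL's default security-callback decision for
 * ephemeral DH, beside a custom policy that refuses DH below 2048 bits.
 * Stand-alone on purpose: no OpenSSL headers are needed to build it.
 */
#include <stdio.h>

/* Stand-ins for SSL_SECOP_TMP_DH and "some other operation" from
 * <openssl/ssl.h>; the numeric values are illustrative only. */
#define DEMO_SECOP_TMP_DH 1
#define DEMO_SECOP_OTHER  2

/* Same thresholds BN_security_bits() applies to a modulus of this length:
 * the "bits" a security callback sees is this number, not the modulus size. */
int dh_modulus_to_security_bits(int modulus_bits)
{
    if (modulus_bits >= 15360) return 256;
    if (modulus_bits >= 7680)  return 192;
    if (modulus_bits >= 3072)  return 128;
    if (modulus_bits >= 2048)  return 112;
    if (modulus_bits >= 1024)  return 80;
    return 0;
}

/* Mirror of the default callback's logic: 1 accepts, 0 rejects.
 * Level 0 refuses only ephemeral DH under 80 security bits (1024-bit DH);
 * levels 1..5 require the table minimum for every operation. */
int default_policy(int level, int op, int bits)
{
    static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
    if (level <= 0)
        return !(op == DEMO_SECOP_TMP_DH && bits < 80);
    if (level > 5)
        level = 5;
    return bits >= minbits_table[level - 1];
}

/* Custom policy for the requirement in the thread: never accept ephemeral DH
 * below 112 security bits (2048-bit modulus), whatever the level, and defer
 * every other decision to the level-0 defaults. With the real library this
 * body would live in a function of type
 *   int (*)(const SSL *, const SSL_CTX *, int op, int bits, int nid,
 *           void *other, void *ex)
 * registered with SSL_CTX_set_security_callback(). */
int min2048_dh_policy(int op, int bits)
{
    if (op == DEMO_SECOP_TMP_DH && bits < 112)
        return 0;
    return default_policy(0, op, bits);
}

/* Would a client running this policy accept a server DH modulus of this size? */
int accepts_dh_modulus(int level, int modulus_bits, int use_custom)
{
    int bits = dh_modulus_to_security_bits(modulus_bits);
    return use_custom ? min2048_dh_policy(DEMO_SECOP_TMP_DH, bits)
                      : default_policy(level, DEMO_SECOP_TMP_DH, bits);
}

int main(void)
{
    static const int sizes[] = { 512, 1024, 2048, 3072 };
    size_t i;
    printf("modulus  secbits  level0  level2  custom(min 2048)\n");
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int m = sizes[i];
        printf("%7d  %7d  %6d  %6d  %16d\n", m, dh_modulus_to_security_bits(m),
               accepts_dh_modulus(0, m, 0), accepts_dh_modulus(2, m, 0),
               accepts_dh_modulus(0, m, 1));
    }
    return 0;
}
```

The `level2` column shows the simpler route to the same requirement: with OpenSSL 1.1.0 or later, `SSL_CTX_set_security_level(ctx, 2)` (or a cipher string ending in `@SECLEVEL=2`) already makes the client reject ephemeral DH below 2048 bits, since level 2 means 112 security bits; a custom callback is only needed when the DH minimum must differ from what the level would otherwise impose on certificates and ciphers.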