[openssl-users] Selection of DHE ciphers based on modulus size of DH

Sanjaya Joshi joshi.sanjaya at gmail.com
Fri Jun 8 10:15:13 UTC 2018


Hello,
Thank you Matt and Jordan. So, it seems that it's possible to modify my
client to accept/reject the DH group key length. But I have one more issue
to be clarified.

Is it possible that, if a client does not accept the DH group key length
used by the server, a different possible cipher (e.g., RSA) is then
negotiated instead? It seems that the connection is rejected, instead of
falling back to a different possible cipher. At least, I tested this
quickly using s_client and s_server, and the behaviour is as stated above,
i.e., no fallback, and the connection was terminated. Is this the default
OpenSSL behaviour, or could this behaviour be modified somehow by
applications?

Regards,
Sanjaya

On Thu, Jun 7, 2018 at 8:43 PM, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 07/06/18 16:02, Jordan Brown wrote:
> > I do not understand, however, how the 80 relates to a 1024-bit limit.
>
> It's a measure of the "security bits" of an algorithm according to table
> 2 in this doc:
> https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf
>
> Matt
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
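The s_client/s_server experiment described in the message above, scripted as an added example (this is not code from the thread, from the poster, or from the OpenSSL project). It starts a TLS 1.2 server that offers one DHE suite and one RSA key-exchange suite but only has a 1024-bit DH group (80 security bits in NIST SP 800-57 table 2), then connects with a client pinned to security level 2 (112 bits), once with DHE offered and once with DHE excluded, and finally with a level-1 client for comparison. Assumptions: the openssl command-line tool (1.1.1 or later) is on PATH, TCP port 44330 on 127.0.0.1 is free, and the script runs under POSIX sh; the port number, the temporary file names and the connect helper are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the OpenSSL project.
# Assumes: openssl CLI (1.1.1+) on PATH, port 44330 free, POSIX sh.

PORT=44330
WORK=$(mktemp -d)
SERVER_PID=
trap 'kill "$SERVER_PID" 2>/dev/null; rm -rf "$WORK"' EXIT

# Self-signed RSA-2048 server certificate: 112 security bits, so it is
# acceptable to a level-2 client; only the DH group will be too weak.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=localhost \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1

# 1024-bit DH group (80 security bits).  -dsaparam makes generation fast;
# the output is still an ordinary DH parameter file for -dhparam.
openssl dhparam -dsaparam -out "$WORK/dh1024.pem" 1024 >/dev/null 2>&1

# TLS 1.2 server offering a DHE suite and an RSA key-exchange suite.
# It runs at security level 1 so it is willing to use the 1024-bit group.
# TLS 1.3 is disabled because it ignores -dhparam (fixed FFDHE groups).
openssl s_server -accept "$PORT" -cert "$WORK/cert.pem" -key "$WORK/key.pem" \
    -dhparam "$WORK/dh1024.pem" -no_tls1_3 \
    -cipher 'DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:@SECLEVEL=1' \
    -www >/dev/null 2>&1 &
SERVER_PID=$!

# connect CIPHERLIST: one handshake attempt with the given client cipher
# string; prints the negotiated cipher on success, or "fail" when the
# handshake is aborted (s_client exits non-zero in that case).
connect() {
    if openssl s_client -connect "127.0.0.1:$PORT" -no_tls1_3 -cipher "$1" \
            </dev/null >"$WORK/out" 2>&1; then
        sed -n 's/^ *Cipher *: *//p' "$WORK/out" | head -n 1
    else
        echo fail
    fi
}

# Give s_server a moment to start listening (poll with a level-1 client).
tries=0
while [ "$(connect 'DEFAULT:@SECLEVEL=1')" = fail ] && [ $tries -lt 10 ]; do
    tries=$((tries + 1))
    sleep 1
done

# 1. Level-2 client with DHE still in its list: the server picks the DHE
#    suite in the ServerHello, sends the 1024-bit group in the
#    ServerKeyExchange, and the client aborts ("dh key too small").
#    The suite is fixed before the client can see the group, so there is
#    nothing to fall back to within this handshake.
first=$(connect 'DEFAULT:@SECLEVEL=2')
echo "level 2, DHE offered:  $first"

# 2. The fallback has to be done by the application: a new connection with
#    kDHE excluded leaves the server only the RSA key-exchange suite.
second=$(connect 'DEFAULT:@SECLEVEL=2:!kDHE')
echo "level 2, DHE excluded: $second"

# 3. A level-1 client (80-bit minimum) accepts the same 1024-bit group.
third=$(connect 'DEFAULT:@SECLEVEL=1')
echo "level 1, DHE offered:  $third"
```

The first attempt prints "fail" rather than a cipher name: the server commits to the cipher suite in the ServerHello, and the DH group only arrives afterwards in the ServerKeyExchange, so by the time the client can measure the modulus there is no protocol step left in which to choose another suite; OpenSSL reports the error and closes. The second attempt is the fallback an application can implement itself, by reconnecting with a cipher string that excludes DHE. The third shows the 80-bit threshold from the quoted reply: at security level 1 the same 1024-bit group is accepted.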