[openssl-users] Selection of DHE ciphers based on modulus size of DH

Jakob Bohm jb-openssl at wisemo.com
Fri Jun 8 11:00:37 UTC 2018


(Top posting for consistency).

Once the client receives the TLS1.2 servers choice of DH group,
it can either accept it or abort the connection.

However if both client and server support the "supported_groups"
extension (RFC4492) with the additional DH group identifiers in
RFC7919, they can negotiate a common accepted group of desired
strength, though the mechanism (like TLS1.3) is artificially
limited to a fixed set of groups listed in the RFC.


On 08/06/2018 12:15, Sanjaya Joshi wrote:
> Hello,
> Thank you Matt and Jordan. So, it seems that it's possible to modify 
> my client to accept/reject the DH group key length. But i have one 
> more issue to be clarified.
>
> Is it possible that if a client does not accept the DH group key 
> length used by the server, then, a different possible cipher (for 
> e.g., RSA) is tried to be negotiated. It seems that the connection is 
> rejected, instead of falling back to a different possible cipher. At 
> least, i tested this quickly using s_client and s_server, and the 
> behavior is as stated above, i.e., no fallback and connection was 
> terminated. Is this the default OpenSSL behavior or this behaviour 
> could be modified somehow by applications ?
>
> Regards,
> Sanjaya
>
> On Thu, Jun 7, 2018 at 8:43 PM, Matt Caswell <matt at openssl.org 
> <mailto:matt at openssl.org>> wrote:
>
>
>
>     On 07/06/18 16:02, Jordan Brown wrote:
>     > I do not understand, however, how the 80 relates to a 1024-bit
>     limit.
>
>     It's a measure of the "security bits" of an algorithm according to
>     table
>     2 in this doc:
>     https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf
>     <https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf>
>

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list