understand 'openssl dhparms ....'

Matt Caswell matt at openssl.org
Tue Feb 19 10:47:44 UTC 2019



On 19/02/2019 08:57, Matthias Apitz wrote:
> 
> Two questions:
> 
> 1. Why this has no input file? Shouldn't it have on, and which? The man
> page says, it would read stdin, but it doesn't do so.

The man page in question is here:

https://www.openssl.org/docs/man1.1.1/man1/dhparam.html

I draw your attention to the description of the "numbits" value (i.e. 1024 in
your command line):

"This option specifies that a parameter set should be generated of size numbits.
It must be the last option. If this option is present then the input file is
ignored and parameters are generated instead. If this option is not present but
a generator (-2 or -5) is present, parameters are generated with a default
length of 2048 bits."

So by specifying 1024 you are asking to *generate* new parameters of size 1024
bits and so the input file is ignored.

> 
> 2. When I re-run the examples today the above command does not even
> produces a file 'dh1024.pem', but writes the result to stdout:
> 
> openssl dhparam 1024 -2 -outform PEM -out dh1024.pem 
> .... (lot of random output) ...
> -----BEGIN DH PARAMETERS-----
> MIGHAoGBAIc6JqvNBSGwdBBzIJQAuq+TG+ttNNYZcUv/p3/nloWGwxeCKqWt2M4x
> z6WsA3tVbykRw80A0Rja2y7IHZ9dGJc/guxrxUpNketeSddFzGicz6mrEafSdurd
> ephztXEmQ63XP4ULPlcaOXzYk6GLUXFYKVYuIHnpdcJLLRMFWZ0bAgEC
> -----END DH PARAMETERS-----
> 
> How this is supposed to work? Thanks

The options are the wrong way around the numbits value is supposed to be last -
so actually the rest of your options are being ignored. The command line should be:

openssl dhparam -2 -outform PEM -out dh1024.pem 1024

It seems that in OpenSSL 1.1.0 we got stricter about the ordering of the command
line parameters. We probably really ought to error out if there are trailing
options that we haven't processed.

Note that 1024 is these days considered too short. At a *minimum* you should be
using at least 2048.

I would also draw your attention to the SSL_CTX_set_dh_auto() and
SSL_set_dh_auto() macros that your server can use (available since OpenSSL
1.1.0). These are sadly undocumented (grrrrr) but the use is straight forward:

SSL_CTX_set_dh_auto(ctx, 1);
or
SSL_set_dh_auto(s, 1);

By making these calls then your server will use automatic built-in DH parameters
and there is no need to supply your own explicitly.

Matt


More information about the openssl-users mailing list