Support FFDHE?
Nicola Tuveri
nic.tuv at gmail.com
Thu Feb 27 09:27:12 UTC 2020
FFDHE arrived quite late so it missed the window for being included in the
1.1.1 release and won't be added to it in a patch release as it is a new
feature.
FFDHE support is available in master so it will be part of the upcoming 3.0
release and it is already possible to test it using a development build
from latest master.
Best regards,
Nicola Tuveri
On Thu, Feb 27, 2020, 10:15 John Jiang <john.sha.jiang at gmail.com> wrote:
> I would have highlighted that OpenSSL 1.1.1d was being used in my testing.
>
> On Thu, Feb 27, 2020 at 5:13 PM John Jiang <john.sha.jiang at gmail.com>
> wrote:
>
>> Hi,
>> It sounds FFDHE groups are already supported [1]
>> But the tools, like s_client, also support them.
>> Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
>> it just raised the issue: Error with command: "-groups ffdhe2048"
>> If using P-256 or X25519, it worked fine.
>>
>> I also tried option "-groups FFDHE2048". The same error raised again.
>>
>> [1] https://github.com/openssl/openssl/pull/8178
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200227/ab4eac2a/attachment.html>
More information about the openssl-users
mailing list