OpenSSL version 3.0.0-alpha1 published

Richard Levitte levitte at
Fri May 1 04:36:40 UTC 2020

On Sun, 26 Apr 2020 11:35:14 +0200,
Yann Ylavic wrote:
> On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx <kurt at> wrote:
> >
> > On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote:
> > >
> > > - DH_bits(dh) (used for logging only in httpd)
> > > Replaced by BN_num_bits(DH_get0_p(dh)).
> > > Not sure this one should be deprecated, it seems to be used in several
> > > places in openssl codebase still, no replacement?
> >
> > I think the replacement is using the EVP_PKEY API and then use
> > EVP_PKEY_bits()
> Sure, but if all you have is a DH object (say obtained by
> DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does
> not help.
> It seems a bit odd to me that DH_bits() or DH_security_bits() are
> deprecated, but not DH_get0_*() or DH_get_length() for instance.

The DH_get0_* functions are useful in contructing other low-level DH
objects using the same numbers as the one you currently have.  I don't
quite see that DH_bits() would be useful in that manner.

Along that line of thinking, I agree that it's odd that
DH_get_length() wasn't deprecated.  I can't remember if it was
discussed in particular...  it might simply be an omission.

All that being said, DH_bits() was undeprecated yesterday.  See


Richard Levitte         levitte at
OpenSSL Project

More information about the openssl-users mailing list