Fwd: Requesting to share OpenSSL commands to increase G Parameter length in DHE Cipher.

Kurt Roeckx kurt at roeckx.be
Wed Mar 3 16:08:31 UTC 2021


On Wed, Mar 03, 2021 at 04:14:17PM +0530, Vadivel P wrote:
> Hi OpenSSL team,
> 
> We are looking for the command line option or any other way to increase the
> DHE G Parameter length to 256 bytes, by default it's 2 now, we need to
> modify it as 256 byte on the server side for our testing either by command
> line or with any other option. We need it for our local server bring up.
> Please support us.

The default generator is the value 2, not 2 bytes. And if you
really need to generate your own DHE keys, using the generator 2
makes perfect sense. Using a larger generator does not add any
security, it just makes it slower.

But I really suggest that you use standardized parameters like the
ones from RFC7919. Note that all the generators in that RFC also
use 2 as the generator.

OpenSSL has no support for generating safe primes with a 256
byte/2048 bit generator.
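
An added illustration of the reply above (not part of the original message and not OpenSSL code): this Python rebuilds the ffdhe2048 group from the formula in RFC 7919 Appendix A.1 and compares generator 2 with a 256-byte generator. The helper names and the 256-byte generator are assumptions constructed for this example.

```python
import secrets
from itertools import count

BITS, X = 2048, 560316  # ffdhe2048 constants from RFC 7919, Appendix A.1

def floor_e_times_pow2(shift, guard=128):
    """floor(e * 2**shift) from the series e = sum(1/k!), integers only."""
    term, total, k = 1 << (shift + guard), 0, 1
    while term:
        total += term
        term //= k          # term is now floor(scale / k!)
        k += 1
    return total >> guard   # drop the guard bits that absorbed rounding error

def ffdhe2048():
    """p = 2^2048 - 2^1984 + (floor(e * 2^1918) + X) * 2^64 - 1, g = 2."""
    e_part = floor_e_times_pow2(BITS - 130)
    p = (1 << BITS) - (1 << (BITS - 64)) + ((e_part + X) << 64) - 1
    return p, 2

def byte_len(n):
    return (n.bit_length() + 7) // 8

def has_order_q(g, p):
    """For a safe prime p = 2q + 1: does g generate the subgroup of prime order q?"""
    return 1 < g < p - 1 and pow(g, (p - 1) // 2, p) == 1

def wide_generator(p):
    """Constructed 256-byte generator: a power of 2 that fills every byte of p."""
    for k in count(4099):
        g = pow(2, k, p)
        if byte_len(g) == byte_len(p):
            return g

def dh_exchange(g, p):
    """One ephemeral exchange; returns both sides' view of the shared secret."""
    q = (p - 1) // 2
    a, b = 2 + secrets.randbelow(q - 2), 2 + secrets.randbelow(q - 2)
    A, B = pow(g, a, p), pow(g, b, p)   # public values sent over the wire
    return pow(B, a, p), pow(A, b, p)

if __name__ == "__main__":
    p, g = ffdhe2048()
    for name, gen in (("g = 2", g), ("256-byte g", wide_generator(p))):
        s1, s2 = dh_exchange(gen, p)
        print(f"{name:11} g: {byte_len(gen):3} bytes, p: {byte_len(p)} bytes, "
              f"order q: {has_order_q(gen, p)}, secrets agree: {s1 == s2}")
```

Both generators span the same subgroup of order q = (p-1)/2, so the 256-byte figure that matters is the length of the prime p, not of g.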

