OpenSSL 3.0 different behaviour on smaller DH groups?

Michael Richardson mcr at sandelman.ca
Tue Apr 5 17:33:28 UTC 2022


Simon Chopin <simon.chopin at canonical.com> wrote:
    > This test suite fails several times with a failed call to
    > EVP_PKEY_derive_set_peer, without much more details:
    > https://github.com/net-ssh/net-ssh/blob/master/test/transport/kex/test_diffie_hellman_group14_sha1.rb

    > However, the *exact same* test suite works, with the only difference
    > being that the failing suite uses the DH group 14, which is 2048bits,
    > whereas the one that passes uses the group 1, which the Internet tells
    > me is 768bits.

DH groups of 768bits are considered too weak.
I wonder if openssl 3 is declining to do anymore, and/or has been compiled
with an option to drop support for that size.
(I have no knowledge of that part of openssl)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220405/94e04264/attachment.sig>


More information about the openssl-users mailing list