OpenSSL 3.0 different behaviour on smaller DH groups?

Michael Richardson mcr at
Tue Apr 5 17:33:28 UTC 2022

Simon Chopin <simon.chopin at> wrote:
    > This test suite fails several times with a failed call to
    > EVP_PKEY_derive_set_peer, without much more details:

    > However, the *exact same* test suite works, with the only difference
    > being that the failing suite uses the DH group 14, which is 2048bits,
    > whereas the one that passes uses the group 1, which the Internet tells
    > me is 768bits.

DH groups of 768bits are considered too weak.
I wonder if openssl 3 is declining to do anymore, and/or has been compiled
with an option to drop support for that size.
(I have no knowledge of that part of openssl)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list