DH parameter reading in OPENSSL 3
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Jul 13 15:44:08 UTC 2022
On Wed, Jul 13, 2022 at 04:35:42PM +0200, Dirk Stöcker wrote:
> when upgrading to openssl3 my code states that some functions are
> deprecated in openssl 3, but even after reading documentation I was
> unable to find a non-deprecated replacement.
https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_dh.c#L148-L205
> Now it seems the default can be replaced by
>
> SSL_CTX_set_dh_auto(context, 1);
This is preferred over all explicit parameter choices, as it allows the
server and client to negotiate a common known-strong group.
--
Viktor.
More information about the openssl-users
mailing list