DH parameter reading in OPENSSL 3

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jul 13 15:44:08 UTC 2022

On Wed, Jul 13, 2022 at 04:35:42PM +0200, Dirk Stöcker wrote:

> when upgrading to openssl3 my code states that some functions are 
> deprecated in openssl 3, but even after reading documentation I was 
> unable to find a non-deprecated replacement.


> Now it seems the default can be replaced by
>   SSL_CTX_set_dh_auto(context, 1);

This is preferred over all explicit parameter choices, as it allows the
server and client to negotiate a common known-strong group.


More information about the openssl-users mailing list