Query minimum RSA key size?

Viktor Dukhovni openssl-users at dukhovni.org
Mon Sep 26 14:01:58 UTC 2022


On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote:

> OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes.

No such change was made.  Perhaps your OS distribution has bumped the
default (TLS) security level from 1 (80-bit or more) to 2 (~112 bit or
more).  You can look in the system-wide openssl.cnf file.

> Is the new minimum key size queryable? It appears to be 2,048, but in
> the event that that changes again I’d ideally love just to grab that
> value from OpenSSL itself rather than hard-coding it.

The security levels are documented.  You can set the security level
in the cipher string:

    DEFAULT:@SECLEVEL=1

or via the API.

-- 
    VIktor.


More information about the openssl-users mailing list