Thanks for the response. I went through the documentation, it does specify the support of the custom and standard DH parameters. On the selection of the parameter the documentation says "
hands them out to clients based on the length of the certificate's RSA/DSA key"
Where as per the RFC7919 (
https://www.rfc-editor.org/rfc/rfc7919.html#page-8)
- A compatible TLS server that receives the Supported Groups extension with FFDHE codepoints in it and that selects an FFDHE cipher suite MUST select one of the client's offered groups
if none of the client-proposed FFDHE groups are known and acceptable to the server, then the server MUST NOT select an FFDHE cipher suite
...
Is the server behavior then compliant to the specification? This information was not so clearly documented/ or couldn't be interpreted. Any help in this regard is highly appreciated.
Regards,
Pankaj
