On 23/12/15 15:54, Jayadev Kumar wrote: > routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3415: Ah. The above line is the critical bit. This is as a result of the logjam protections that were part of 1.0.1n. See: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ 1.0.1m s_server uses DH parameters that are too small by default. You can generate new ones using: $ openssl dhparam -out dhparam.pem 2048 Then start s_server using: $ openssl s_server -msg -dhparam dhparam.pem You should find that 1.0.1q client can interoperate with the above just fine. Matt
