Thanks Matt. Jayadev. On Wed, Dec 23, 2015 at 9:34 PM, Matt Caswell <matt at openssl.org> wrote: > > > On 23/12/15 15:54, Jayadev Kumar wrote: > > routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3415: > > Ah. The above line is the critical bit. This is as a result of the > logjam protections that were part of 1.0.1n. See: > https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ > > 1.0.1m s_server uses DH parameters that are too small by default. You > can generate new ones using: > > $ openssl dhparam -out dhparam.pem 2048 > > Then start s_server using: > > $ openssl s_server -msg -dhparam dhparam.pem > > You should find that 1.0.1q client can interoperate with the above just > fine. > > Matt > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151223/4a014c46/attachment.html>
