> There is a limit of 10000:
> #define OPENSSL_DH_MAX_MODULUS_BITS 10000
>
> I suggest you do not change this. It just gets slower without
> adding security.
>
> I have no idea why it would freeze with something larger than
> 13824.
>
> I'm not sure what is logging the size, but it might be using
> DH_size()*8 to log it. I don't think there currently is an API
> that returns it in bits.
>
>
> Kurt

Thanks for the response. Could you elaborate on why a larger size doesn't add security? For the sake of discussion, let's ignore how slow it would be. According to section 5.6.1 of http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf you would need 15360+ bits to have security equal to AES256. Is NIST wrong here? If so, why?
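
Added example, not part of the original thread: a sketch of where a figure like 15360 bits comes from, and of how a byte-based size such as DH_size()*8 rounds the logged value. It assumes the general number field sieve cost estimate given in NIST's FIPS 140-2 Implementation Guidance (the thread itself cites only SP 800-57); the function names are hypothetical.

```python
import math

# Constant quoted in the thread: OpenSSL's cap on the DH modulus size.
OPENSSL_DH_MAX_MODULUS_BITS = 10000


def gnfs_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength of a finite-field DH modulus.

    Assumption: GNFS cost estimate, 1.923 ~= (64/9)^(1/3), calibrated by -4.69.
    """
    x = modulus_bits * math.log(2)  # ln(p) for a prime of modulus_bits bits
    work = 1.923 * x ** (1 / 3) * math.log(x) ** (2 / 3) - 4.69
    return work / math.log(2)       # natural-log work factor converted to bits


def min_modulus_bits(target_strength: int, step: int = 256) -> int:
    """Smallest multiple of `step` whose estimated strength meets the target."""
    bits = step
    while gnfs_strength_bits(bits) < target_strength:
        bits += step
    return bits


def logged_bits(true_bits: int) -> int:
    """Size as reported by a byte count times eight (the DH_size()*8 guess)."""
    return ((true_bits + 7) // 8) * 8


def report():
    """(modulus bits, estimated strength, accepted under the 10000-bit cap)."""
    sizes = (2048, 3072, 7680, OPENSSL_DH_MAX_MODULUS_BITS, 15360)
    return [(b, round(gnfs_strength_bits(b)), b <= OPENSSL_DH_MAX_MODULUS_BITS)
            for b in sizes]


if __name__ == "__main__":
    for bits, strength, allowed in report():
        print(f"{bits:>6}-bit modulus ~ {strength:>3}-bit strength, "
              f"within cap: {allowed}")
    print("smallest size reaching 256 bits:", min_modulus_bits(256))
    # A prime a few bits short of a byte boundary is logged rounded up.
    print("13821-bit prime logged as:", logged_bits(13821))
```

The estimate is asymptotic and only approximates the rounded table values in SP 800-57, so treat the output as an order-of-magnitude guide rather than an exact equivalence.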