On Sat, May 16, 2015 at 7:29 PM, Benny Baumann <BenBE at geshi.org> wrote: >>>> There is a limit of 10000: #define OPENSSL_DH_MAX_MODULUS_BITS >>>> 10000 > I suggested replacing this compile time constant by a SSL_CTX option, > but due to the lack of configuring this without having to change all > programs there's no patch for this yet... > A related issue is there are no more bits available in the options. SSL_OP_SAFARI_ECDHE_ECDSA_BUG re-purposed an exiting bit. Jeff
