What key length is used for DHE by default ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 22/05/15 11:11, Nayna Jain wrote:
> Hi,
> 
> With the latest logjam attack, as I was trying to verify if my server
> (lighttpd) accepts DHE_xxx  ciphers,  I saw that it accepted and I
> didn't do any configuration setting done for DH parameters explicitly.
> 
> But I couldn't verify what is the key length did it use by default
> 512/1024/2048 ?
> 
> Eg. the one it negotiated was DHE-RSA-AES128-SHA256  and for TLSv1.2
> protocol ?
> 
> Will the key length be different for different protocols like
> SSLv3/TLSv1.0/TLSv1.1/TLSv1.2?  If yes , then what for each of them.

How that is configured depends on the application that is using OpenSSL.
A quick google search throws up this:

http://redmine.lighttpd.net/projects/1/wiki/docs_ssl

'Diffie-Hellman and Elliptic-Curve Diffie-Hellman parameters
Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols
will be supported in lighttpd 1.4.29. By default, Diffie-Hellman and
Elliptic-Curve Diffie-Hellman key agreement protocols use, respectively,
the 1024-bit MODP Group with 160-bit prime order subgroup from RFC 5114
and "prime256v1" (also known as "secp256r1") elliptic curve from RFC
4492. The Elliptic-Curve Diffie-Hellman key agreement protocol is
supported in OpenSSL from 0.9.8f version onwards. For maximum
interoperability, OpenSSL only supports the "named curves" from RFC 4492.

Using the ssl.dh-file and ssl.ec-curve configuration variables, you can
define your own set of Diffie-Hellman domain parameters. For example:

ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
ssl.ec-curve = "secp384r1"'


Matt


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux