On Mon, Oct 05, 2015 at 11:55:36AM -0400, Jeffrey Walton wrote: > Based on the docs for SSL_CTX_set_tmp_dh_callback(3), the callback is > supposed to be invoked for DH parameter selection. The docs also > avoid/fail to state its a server only feature, so its not clear to me > if the client is able to use it. This is a server-only interface. > Its appears SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback > are not invoked at the client when the temporary pubic key is > selected, so there does not appear to be a way to query the field size > and fail the connection. Not via this interface. > Are clients supposed to be informed of DH parameter selection via > SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback? No. > At the client, how do we enforce minimum Diffie-Hellman field sizes? This should be possible via configuration, not just explicit API calls from applications that go to the extra trouble. Some work in that direction is in the master branch (future 1.1.0). There are ways to determine the server handshake group size, but this is not a good long-term interface for applications. See the new (1.0.2) SSL_get_server_tmp_key() function in commit: 2001129f096d10bbd815936d23af3e97daf7882d and how it is used in that commit. -- Viktor.