How to enforce DH field size in the client?

>>This should be possible via configuration, not just explicit API 
>>calls from applications that go to the extra trouble. 
How is it possible via configuration?

I have seen in s3_clnt.c that OpenSSL checks the server DH prime size against
a hardcoded value:

    if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
        || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) {
        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
        goto f_err;
    }

Why is it not possible to initialize the compared constant key size via some
public method?



--
View this message in context: http://openssl.6102.n7.nabble.com/How-to-enforce-DH-field-size-in-the-client-tp60442p60480.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
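
An added illustration, not code from the post or from OpenSSL: the same kind of size check with the floor passed in by the caller, applied to the bit length of the prime in a TLS ServerDHParams structure. The names dh_prime_bits, dh_prime_acceptable and make_sample are hypothetical, the sample bytes are constructed, and it assumes the size being compared is the bit length of p.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Read one vector with a 2-byte big-endian length; 0 if empty or truncated. */
static size_t read_vec(const unsigned char *b, size_t len, size_t *vlen)
{
    if (len < 2) return 0;
    *vlen = ((size_t)b[0] << 8) | b[1];
    return (*vlen == 0 || *vlen > len - 2) ? 0 : 2 + *vlen;
}

/* Bit length of dh_p in TLS ServerDHParams (dh_p, dh_g, dh_Ys); -1 if malformed. */
int dh_prime_bits(const unsigned char *b, size_t len)
{
    size_t p_len, v_len, used, off, i;
    int bits, field, top;
    if ((off = read_vec(b, len, &p_len)) == 0) return -1;
    for (field = 0; field < 2; field++, off += used)    /* dh_g, dh_Ys must follow */
        if ((used = read_vec(b + off, len - off, &v_len)) == 0) return -1;
    for (i = 0; i < p_len && b[2 + i] == 0; i++) {}     /* skip leading zero bytes */
    if (i == p_len) return 0;
    bits = (int)(p_len - i) * 8;
    for (top = b[2 + i]; !(top & 0x80); top <<= 1) bits--;  /* unused high bits */
    return bits;
}

/* Hypothetical helper: the floor is a caller-supplied parameter, not a constant. */
int dh_prime_acceptable(const unsigned char *b, size_t len, int min_bits)
{
    return min_bits > 0 && dh_prime_bits(b, len) >= min_bits;
}

/* Constructed sample, sizes only (p is not a real prime): g = 2, 1-byte Ys. */
static unsigned char sample[300];
size_t make_sample(unsigned char *out, size_t p_len, unsigned char top)
{
    out[0] = (unsigned char)(p_len >> 8); out[1] = (unsigned char)p_len;
    memset(out + 2, 0xff, p_len);
    out[2] = top;
    memcpy(out + 2 + p_len, "\x00\x01\x02\x00\x01\x05", 6);
    return p_len + 8;
}

int main(void)
{
    size_t n = make_sample(sample, 96, 0x7f);           /* 96 bytes, but 767 bits */
    printf("%d bits, ok=%d\n", dh_prime_bits(sample, n), dh_prime_acceptable(sample, n, 768));
    return 0;
}
```

A prime that occupies 96 bytes can still fall below a 768-bit floor when its top bit is clear, which is why the check counts bits rather than bytes.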

