Hello everybody,
I'm trying to force openssl s_server to use DH p parameter of 2048 bits length, but I can't find the way to do it.
I've noticed that the length of p parameter depends on chosen cipher.
For example, if I'm using DHE_PSK_WITH_AES_128_CBC_SHA256 the length of p parameter is 1024 bits,
but if I'm using DHE_PSK_WITH_AES_256_CBC_SHA384 the length is 3072 bits.
I've tried to generate DH parameters PEM file by the following command:
openssl genpkey -genparam -algorithm DH -out /tmp/test_dh_params.pem -pkeyopt dh_paramgen_prime_len:2048
And to load the file to s_server by:
openssl s_server -state -trace -dhparam /tmp/test_dh_params.pem -accept 443 -psk 1a2b3c4d -nocert
But I'm getting an error:
Error with command: "-dhparam /tmp/test_dh_params.pem"
Is there an easy way to do what I'm trying to do?
Any help would be appreciated.
Best regards.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
