Re: Selection of DHE ciphers based on modulus size of DH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 6/6/2018 11:22 PM, Sanjaya Joshi wrote:
>>Current OpenSSL isn't willing to connect to a server using a DH key size below 1024 bits.
Yes, i have verified this. However, not sure, how my OpenSSL-based client can do this, as our requirement is that we must not use DH key size below 2048 bits.

>> I'm pretty sure that clients can and do refuse to talk to servers with small DH parameters.
Could you please provide some more clues how a client can do so ?

The 1024-bit DH limit is implemented in the OpenSSL client library.  I don't know if the calling application has any control or any visibility onto that decision.

(But note: it's still the client that's making the decision, from the perspective of the TLS protocol.)

A bit of searching later...

It looks like the key test is here:

https://github.com/openssl/openssl/blob/e6e9170d6e28038768895e1af18e3aad8093bf4b/ssl/ssl_cert.c#L921

        /*
         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
         * anything goes.
         */
        if (op == SSL_SECOP_TMP_DH && bits < 80)
            return 0;
        return 1;

and it looks like you can plug in your own function using SSL_set_security_callback.  I do not understand, however, how the 80 relates to a 1024-bit limit.

Here's the documentation:

https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_security_callback.html

-- 
Jordan Brown, Oracle Solaris
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux