Re: Support FFDHE?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich <rsalz@xxxxxxxxxx> wrote:
  • Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port

 

TLS 1.3 doesn’t have those groups.

Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported.
enum {

    /* Elliptic Curve Groups (ECDHE) */
    secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
    x25519(0x001D), x448(0x001E),

    /* Finite Field Groups (DHE) */
    ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
    ffdhe6144(0x0103), ffdhe8192(0x0104),

    /* Reserved Code Points */
    ffdhe_private_use(0x01FC..0x01FF),
    ecdhe_private_use(0xFE00..0xFEFF),
    (0xFFFF)
} NamedGroup;

[1] https://tools.ietf.org/html/rfc8446#section-4.2.7
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux