Simon Chopin <simon.chopin@xxxxxxxxxxxxx> wrote:
> This test suite fails several times with a failed call to
> EVP_PKEY_derive_set_peer, without much more details:
> https://github.com/net-ssh/net-ssh/blob/master/test/transport/kex/test_diffie_hellman_group14_sha1.rb
> However, the *exact same* test suite works, with the only difference
> being that the failing suite uses the DH group 14, which is 2048bits,
> whereas the one that passes uses the group 1, which the Internet tells
> me is 768bits.
DH groups of 768bits are considered too weak.
I wonder if openssl 3 is declining to do anymore, and/or has been compiled
with an option to drop support for that size.
(I have no knowledge of that part of openssl)
Attachment:
signature.asc
Description: PGP signature
