On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote:
> OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes.
No such change was made. Perhaps your OS distribution has bumped the
default (TLS) security level from 1 (80-bit or more) to 2 (~112 bit or
more). You can look in the system-wide openssl.cnf file.
> Is the new minimum key size queryable? It appears to be 2,048, but in
> the event that that changes again I’d ideally love just to grab that
> value from OpenSSL itself rather than hard-coding it.
The security levels are documented. You can set the security level
in the cipher string:
DEFAULT:@SECLEVEL=1
or via the API.
--
VIktor.
