> From: owner-openssl-us...@openssl.org On Behalf Of Domingo Kiser > Sent: Tuesday, 16 June, 2009 13:18 > ---------- Forwarded message ---------- > From: Domingo Kiser <domingo.ki...@gmail.com> > Date: Mon, 15 Jun 2009 16:00:20 -0700
> Does the "SSL_EXPORT_PKEYLENGTH" macro defined in > "ssl_locl.h" force non-export ciphers to always use a > diffie-hellman prime parameter of > 1024 bits? This seems to be the case and I've noticed this > behavior in a callback function registered with > "SSL_CTX_set_tmp_dh_callback". > The "s3_srvr.c" file uses this macro for the third argument > to a callback function if its registered and dh params are > not part of the certificate stored in the ssl structure. If > this is the case, when would the "dh2048.pem" provided in the > distribution ever be used? > I don't understand why the callback is invoked this way, but it appears to me you can pre-set any given DHparams, including dh2048.pem if you like that one. You can equally well generate (and perhaps distribute) your own params. > Is there a general rule of thumb on matching dh param sizes > with key sizes? I assumed matching the key size would work. A DH key must always match the params it is used with. Specifically, a DH private key is a random or at least unknown element in the subgroup defined by the params; the public key is an apparently random element of the group, and thus should be significantly smaller in size only with negligible probability. In SSL using DH, the group is always chosen by the server, either static (in its certificate) or ephemeral. The client must use the same group, or fail the connection. There is no information in the protocol that would allow the server to know what size (or specific group) the client 'wants'. It does know what symmetric cipher and hash sizes are preferred or acceptable according to the ciphersuite list, and could try to extrapolate to asymmetric including DH sizes with 'comparable' security, e.g. NIST SP800-57 part1. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
