FFDHE arrived quite late so it missed the window for being included in the 1.1.1 release and won't be added to it in a patch release as it is a new feature.
FFDHE support is available in master so it will be part of the upcoming 3.0 release and it is already possible to test it using a development build from latest master. Best regards, Nicola Tuveri On Thu, Feb 27, 2020, 10:15 John Jiang <john.sha.ji...@gmail.com> wrote: > I would have highlighted that OpenSSL 1.1.1d was being used in my testing. > > On Thu, Feb 27, 2020 at 5:13 PM John Jiang <john.sha.ji...@gmail.com> > wrote: > >> Hi, >> It sounds FFDHE groups are already supported [1] >> But the tools, like s_client, also support them. >> Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port >> it just raised the issue: Error with command: "-groups ffdhe2048" >> If using P-256 or X25519, it worked fine. >> >> I also tried option "-groups FFDHE2048". The same error raised again. >> >> [1] https://github.com/openssl/openssl/pull/8178 >> >
