On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich <rs...@akamai.com> wrote:
> > - Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
> >
>
> TLS 1.3 doesn’t have those groups.
>

Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported.

      enum {

          /* Elliptic Curve Groups (ECDHE) */
          secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
          x25519(0x001D), x448(0x001E),

          /* Finite Field Groups (DHE) */
          ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
          ffdhe6144(0x0103), ffdhe8192(0x0104),

          /* Reserved Code Points */
          ffdhe_private_use(0x01FC..0x01FF),
          ecdhe_private_use(0xFE00..0xFEFF),
          (0xFFFF)
      } NamedGroup;

[1] https://tools.ietf.org/html/rfc8446#section-4.2.7

>
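
Added example (not part of the original message): a Python parser for the body of the supported_groups extension that labels each offered code point using the NamedGroup values quoted above, so a captured ClientHello can be checked for FFDHE offers. The list framing (two-byte length followed by two-byte code points) follows the same RFC section; the function names and sample bytes are constructed for illustration.

```python
import struct

# NamedGroup code points from RFC 8446 section 4.2.7, as quoted in the message.
NAMED_GROUPS = {
    0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1",
    0x001D: "x25519", 0x001E: "x448",
    0x0100: "ffdhe2048", 0x0101: "ffdhe3072", 0x0102: "ffdhe4096",
    0x0103: "ffdhe6144", 0x0104: "ffdhe8192",
}


def classify(code):
    """Return (name, kind) for one NamedGroup code point (hypothetical helper)."""
    if 0x01FC <= code <= 0x01FF:
        return ("ffdhe_private_use", "DHE")
    if 0xFE00 <= code <= 0xFEFF:
        return ("ecdhe_private_use", "ECDHE")
    name = NAMED_GROUPS.get(code)
    if name is None:
        return ("unknown(0x%04X)" % code, "unknown")
    return (name, "DHE" if name.startswith("ffdhe") else "ECDHE")


def parse_supported_groups(ext_data):
    """Parse extension_data holding NamedGroup named_group_list<2..2^16-1>."""
    if len(ext_data) < 2:
        raise ValueError("truncated supported_groups extension")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    body = ext_data[2:]
    # The declared length must match the bytes present and hold whole uint16s.
    if list_len != len(body) or list_len < 2 or list_len % 2:
        raise ValueError("bad named_group_list length")
    codes = struct.unpack("!%dH" % (list_len // 2), body)
    return [(code,) + classify(code) for code in codes]


# Constructed sample bytes: a list offering x25519, secp256r1 and ffdhe2048.
SAMPLE_MIXED = bytes.fromhex("0006" "001d" "0017" "0100")
# Constructed sample bytes: a list offering only ffdhe2048, as with
# "-groups ffdhe2048" in the command from the thread.
SAMPLE_FFDHE_ONLY = bytes.fromhex("0002" "0100")

if __name__ == "__main__":
    for sample in (SAMPLE_MIXED, SAMPLE_FFDHE_ONLY):
        for code, name, kind in parse_supported_groups(sample):
            print("0x%04X %-10s %s" % (code, name, kind))
```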