> There is a limit of 1:
> #define OPENSSL_DH_MAX_MODULUS_BITS 1
>
> I suggest you do not change this. It just gets slower without
> adding security.
>
> I have no idea why it would freeze with something larger than
> 13824.
>
> I'm not sure what is logging the size, but it might be using
>
Can someone offer an opinion on my questions below? Thanks!
> From: bird_...@hotmail.com
> To: openssl-users@openssl.org
> Subject: Working with large DH parameters
> Date: Tue, 28 Apr 2015 09:26:25 -0500
>
> Ok I have been doing some experiments with OpenVPN and I can connect using
> 1 bit
Ok I have been doing some experiments with OpenVPN and I can connect using
1 bit DH parameters. Any bigger than that up to at least 13824 I get the
following 'modulus too large' error on the client log:
TLS_ERROR: BIO read tls_read_plaintext error: error:05066067:Diffie-Hellman
routines:CO
] Generating large DH parameters
>
>
>
> On 14/01/15 12:35, jack seth wrote:
> > I am trying to generate a 16384 bit DH file for testing purposes. Is
> > it necessary to have a '.rnd' in existence before trying to generate
> > this file? I generated one whi
I am trying to generate a 16384 bit DH file for testing purposes. Is it
necessary to have a '.rnd' in existence before trying to generate this file? I
generated one which took 4 days to do but the computer had a .rnd file. I am
currently trying to generate another on a system WITHOUT the .rn
3:39:04 +
> From: openssl-us...@dukhovni.org
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Need help encrypting my ca.key
>
> On Tue, Jan 06, 2015 at 05:25:21PM -0600, jack seth wrote:
>
> > Well I ran the command
> > openssl asn1parse -in ca.key
&g
: [openssl-users] Need help encrypting my ca.key
>
> On Tue, Jan 6, 2015 at 12:04 AM, jack seth wrote:
> > Thanks for the response. First I am running this on Windows 7. Questions
> >
> > 1. How can I determine what key format my ca.key is in?
> If its binary, then its simpl
this?
> Date: Tue, 6 Jan 2015 02:48:13 +
> From: openssl-us...@dukhovni.org
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Need help encrypting my ca.key
>
> On Mon, Jan 05, 2015 at 08:37:24PM -0600, jack seth wrote:
> > I must be doing something wron
I must be doing something wrong but I can't figure out what it is. I am trying
to encrypt my private ca key with this command
openssl rsa -in ca.key -out caencrypted.key -aes256
This works fine but the problem is I don't get the original key back when I
decrypt it using this command
openss
