Thank you Victor and Kurt for your quick replies! They were very helpful
Best,
Andy Schmidt
On Thu, Jan 3, 2019 at 2:00 PM Kurt Roeckx wrote:
> On Thu, Jan 03, 2019 at 12:18:05PM -0800, Andy Schmidt wrote:
> > I am adding the RFC 7919 Diffie-Hellman parameters to our TLS servers,
> and
> > I've
On Thu, Jan 03, 2019 at 12:18:05PM -0800, Andy Schmidt wrote:
> I am adding the RFC 7919 Diffie-Hellman parameters to our TLS servers, and
> I've found that these parameters won't pass OpenSSL's Diffie Hellman
> parameter check function DH_check(). The return code is
> DH_NOT_SUITABLE_GENERATOR. Lo
On Jan 3, 2019, at 3:18 PM, Andy Schmidt wrote:
> I am adding the RFC 7919 Diffie-Hellman parameters to our TLS
> servers, and I've found that these parameters won't pass OpenSSL's
> Diffie Hellman parameter check function DH_check(). The return code
> is DH_NOT_SUITABLE_GENERATOR. Looking at the
I am adding the RFC 7919 Diffie-Hellman parameters to our TLS servers, and
I've found that these parameters won't pass OpenSSL's Diffie Hellman
parameter check function DH_check(). The return code is
DH_NOT_SUITABLE_GENERATOR. Looking at the source code, it appears to fail
because the remainder of
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich via openssl-users
> Sent: Wednesday, March 15, 2017 15:15
> To: Joseph Southwell; openssl-users@openssl.org
> Subject: Re: [openssl-users] Generating dh parameters multithreaded?
>
>
> Are you suggesting that I should modify openssl myself to expose that
> functionality or are suggesting that there is a way to do that given the
> already
> exposed functionality? If it is the latter could you point me in the right
> direction?
OpenSSL code does not do what you want. You'll ha
Are you suggesting that I should modify openssl myself to expose that
functionality or are suggesting that there is a way to do that given the
already exposed functionality? If it is the latter could you point me in the
right direction?
> On Mar 15, 2017, at 2:21 PM, Salz, Rich via openssl-user
> It takes a long time. Is there some way to have it use all available cores
> instead of just the one?
You'll have to write the code to do that parallelism yourself.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On any new install of our software we generate new dh parameters as follows…
DH *dh = DH_new();
!DH_generate_parameters_ex(dh, 2048, 2, NULL);
int codes = 0;
DH_check(dh, &codes);
DH_generate_key(dh);
It takes a long time. Is there some way to have it use all available cores
instead of just
> Of course, the second approach is a lot faster - however, can anyone explain
> the warning not from the documentation "Be careful to avoid small subgroup
> attacks when using this." ? AFAIK, for such attacks to be effective, they
> require that the parameters are re-used multiple times. However,
Hi all,
I am working on an application that would use DH to allow exchanging
symmetric keys (not a TLS app), and we noticed that we could use two
different approaches to generate the parameters.
The first option is to use the DH_generate_parameters_ex() +
DH_generate_key() - but that takes q
On Fri, May 22, 2015 at 5:20 AM, Walter H. wrote:
> Hello
>
> On 22.05.2015 08:30, Jeffrey Walton wrote:
>>
>> Or are you talking about server certificates with fixed DH parameters?
>
> can you please tell me more about this?
They have a DH group called out by param
Hello
On 22.05.2015 08:30, Jeffrey Walton wrote:
Or are you talking about server certificates with fixed DH parameters?
can you please tell me more about this?
how do I have to create the certificate request?
(using debian 7 latest updates installed: 'apt-get update & apt-get
upg
On Sat, May 16, 2015 at 7:29 PM, Benny Baumann wrote:
There is a limit of 1: #define OPENSSL_DH_MAX_MODULUS_BITS
1
> I suggested replacing this compile time constant by a SSL_CTX option,
> but due to the lack of configuring this without having to change all
> programs there's no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Am 04.05.2015 um 19:13 schrieb Kurt Roeckx:
> On Mon, May 04, 2015 at 09:00:21AM -0500, jack seth wrote:
>>> There is a limit of 1: #define OPENSSL_DH_MAX_MODULUS_BITS
>>> 1
I suggested replacing this compile time constant by a SSL_CTX o
On Mon, May 4, 2015 at 10:00 AM, jack seth wrote:
>> There is a limit of 1:
>> #define OPENSSL_DH_MAX_MODULUS_BITS 1
>>
>> I suggest you do not change this. It just gets slower without
>> adding security.
>>
>> I have no idea why it would freeze with something larger than
>> 13824.
>>
>> I
On Mon, May 04, 2015 at 09:00:21AM -0500, jack seth wrote:
> > There is a limit of 1:
> > #define OPENSSL_DH_MAX_MODULUS_BITS 1
> >
> > I suggest you do not change this. It just gets slower without
> > adding security.
> >
> > I have no idea why it would freeze with something larger than
>
> There is a limit of 1:
> #define OPENSSL_DH_MAX_MODULUS_BITS 1
>
> I suggest you do not change this. It just gets slower without
> adding security.
>
> I have no idea why it would freeze with something larger than
> 13824.
>
> I'm not sure what is logging the size, but it might be using
>
On Tue, Apr 28, 2015 at 09:26:25AM -0500, jack seth wrote:
> Ok I have been doing some experiments with OpenVPN and I can connect using
> 10000 bit DH parameters. Any bigger than that up to at least 13824 I get the
> following 'modulus too large' error on the client log:
Can someone offer an opinion on my questions below? Thanks!
> From: bird_...@hotmail.com
> To: openssl-users@openssl.org
> Subject: Working with large DH parameters
> Date: Tue, 28 Apr 2015 09:26:25 -0500
>
> Ok I have been doing some experiments with OpenVPN and I can conn
Ok I have been doing some experiments with OpenVPN and I can connect using
1 bit DH parameters. Any bigger than that up to at least 13824 I get the
following 'modulus too large' error on the client log:
TLS_ERROR: BIO read tls_read_plaintext error: error:05066067:Diff
On Wed, Jan 14, 2015 at 08:23:13AM -0600, jack seth wrote:
> Thanks for the explanation. So I guess I just got lucky with
> the first one. :) Do you have any kind of estimate of how long
> it will take to generate?
The density of strong primes is conjectured to be ~1.3*n/(ln(n))^2.
For 16k bi
] Generating large DH parameters
>
>
>
> On 14/01/15 12:35, jack seth wrote:
> > I am trying to generate a 16384 bit DH file for testing purposes. Is
> > it necessary to have a '.rnd' in existence before trying to generate
> > this file? I generated one whi
On 14/01/15 12:35, jack seth wrote:
> I am trying to generate a 16384 bit DH file for testing purposes. Is
> it necessary to have a '.rnd' in existence before trying to generate
> this file? I generated one which took 4 days to do but the computer had
> a .rnd file. I am currently trying to g
I am trying to generate a 16384 bit DH file for testing purposes. Is it
necessary to have a '.rnd' in existence before trying to generate this file? I
generated one which took 4 days to do but the computer had a .rnd file. I am
currently trying to generate another on a system WITHOUT the .rn
(Sorry, got stuck in my outbox and I didn't notice for a while)
> From: owner-openssl-us...@openssl.org On Behalf Of Marco Bambini
> Sent: Monday, September 22, 2014 02:44
> Thanks a lot for the explanation, so instead of generating new parameters
on
> the fly I could just create them once and th
Thanks a lot for the explanation, so instead of generating new parameters on
the fly I could just create them once and then load on requests via the
SSL_CTX_set_tmp_dh_callback?
Like in the example listed on:
https://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html
Should I provide jus
> From: owner-openssl-us...@openssl.org On Behalf Of Marco Bambini
> Sent: Friday, September 19, 2014 12:04
> my server needs to accept DHE ciphers from clients so I think I would need
to
> be able to load static dh512.pem, dh1024.pem, dh2048.pem and dh4096.pem
> certificates on server side. In or
Hello,
my server needs to accept DHE ciphers from clients so I think I would need to
be able to load static dh512.pem, dh1024.pem, dh2048.pem and dh4096.pem
certificates on server side. In order to increase security I would like to skip
the pem file loading step and generate these dh certificate
Hello,
there are two sets of DH parameters, is there a difference?
./crypto/dh/dh2048.pem
./crypto/dh/dh512.pem
./crypto/dh/dh192.pem
./crypto/dh/dh4096.pem
./crypto/dh/dh1024.pem
./apps/dh2048.pem
./apps/dh512.pem
./apps/dh4096.pem
./apps/dh1024.pem
In DH parameters in ./apps there reference
Hello,
there are two sets of DH parameters, that is the difference?
./crypto/dh/dh2048.pem
./crypto/dh/dh512.pem
./crypto/dh/dh192.pem
./crypto/dh/dh4096.pem
./crypto/dh/dh1024.pem
./apps/dh2048.pem
./apps/dh512.pem
./apps/dh4096.pem
./apps/dh1024.pem
In DH parameters in ./apps there reference
If the negotiated cipher suite for an RSA encrypted client-server
session does not involve using the RSA public keys, then when is RSA
used in that session ?
Not sure to fully understand your question, but the answer may be :
'Just for [server] authentication'
Hope this helps.
> From: owner-openssl-users On Behalf Of Patrick Pelletier
> Sent: Friday, October 25, 2013 02:53
> On 10/24/13 1:59 PM, Dave Thompson wrote:
>
> > (For EC, the specified curve must also be acceptable to client(s) per
> > ClientHello extension,
> > which encourages using the callback or choosing
tatic) keypair to sign key-exchange data, and
both DH keypairs for key-agreement. Static DH (rarely if ever used, and not
yet released in OpenSSL but reportedly will in 1.0.2) uses the DH keypairs
for key-agreement, and higher (RSA/DSA) publickey to verify the cert.
> > If my understandin
Is it recommended to specify and use DH parameters for server ?
I know that RSA encryption/decryption is slow and this is why RSA public keys
are used only for establishing the session key which is a symmetric key usually
because symetric key encryption is fast.
If the negotiated cipher suite
key exchange is done
> using the public keys of the client and server.
No, this depends on the cipher-suite.
> If my understanding is correct, the DH parameters are used for
> key exchange also.
No, not "also", rather "instead" when an EDH cipher-suite is
negotiated.
correct, the DH parameters are used for key exchange
also. So if public key are used, is there a situation when the DH parameters
will be used instead for key exchange.
So is my understading correct, that DH might be used if the client uses a
protocol for key exchange that is based on DH and if
On Thu, Oct 24, 2013 at 11:52:36PM -0700, Patrick Pelletier wrote:
> >(For EC, the specified curve must also be acceptable to client(s) per
> >ClientHello extension,
> >which encourages using the callback or choosing a popular curve like P-256.)
>
> So, my understanding is that if the "tmp_ecdh"
On 10/24/13 1:59 PM, Dave Thompson wrote:
(For EC, the specified curve must also be acceptable to client(s) per
ClientHello extension,
which encourages using the callback or choosing a popular curve like P-256.)
So, my understanding is that if the "tmp_ecdh" is set to a curve which
is not sup
Do you mean SSL/TLS the protocols and OpenSSL the implementation?
For SSL when an ADH or EDH aka DHE suite is negotiated, the server must send
DH parameters
and its (nominally one-time) public key, and the client uses or at least
matches the parameters
and sends its (ditto) public key
Hi,
When using SSL is it mandatory to specify along with the certificate (chain)
and the private key, also the DH parameters ?
What's the use for DH parameters when specified to OpenSSL ?
Thank you!
On Tue, Dec 14, 2010 at 04:14:01PM -0800, Mike Mohr wrote:
> How do you mean, an additional 0 byte is prepended? I generated
> several DH parameters and exported them to C code ( -C ), some of
> which has the MSB set. It looks like BN_bin2bn is used directly on
> the raw bytes
> From: owner-openssl-us...@openssl.org On Behalf Of Mike Mohr
> Sent: Tuesday, 14 December, 2010 19:14
> How do you mean, an additional 0 byte is prepended? I generated
> several DH parameters and exported them to C code ( -C ), some of
> which has the MSB set. It looks like BN
How do you mean, an additional 0 byte is prepended? I generated
several DH parameters and exported them to C code ( -C ), some of
which has the MSB set. It looks like BN_bin2bn is used directly on
the raw bytes of the prime without any padding.
Mike
On Tue, Dec 14, 2010 at 12:54 PM, Erik Tkal
...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Mike Mohr
Sent: Tuesday, December 14, 2010 3:42 PM
To: openssl-users@openssl.org
Subject: Using DH parameters from OpenSSL
Good afternoon,
I'm trying to understand the data format that OpenSSL writes out its
DH parameters in.
Good afternoon,
I'm trying to understand the data format that OpenSSL writes out its
DH parameters in. I am aware that the actual data is encoded using
ASN.1 DER and have a way to parse the container. My question really
amounts to byte ordering when DH parameters are generated like
icates and/or parameters, so long as a non-empty
> > set of usable cipher-suites remains.
>
> But above you are talking about lost forward secrecy.
Yes, but this is standard operating procedure for SSL. If the product
supports DH parameters, and the users want forward secrecy
On 2009.10.28 at 14:56:54 -0400, Victor Duchovni wrote:
> On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
>
> > > > But for some setups, especially in OpenSSL 1.0, which supports EC
> > > > ciphersuites, dh parameters are not neccessary.
>
On Wed, Oct 28, 2009 at 09:09:59PM +0300, Victor B. Wagner wrote:
> > > But for some setups, especially in OpenSSL 1.0, which supports EC
> > > ciphersuites, dh parameters are not neccessary.
> >
> > This is not entirely accurately, one still needs to designa
On 2009.10.28 at 11:05:22 -0400, Victor Duchovni wrote:
> On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
>
> > But for some setups, especially in OpenSSL 1.0, which supports EC
> > ciphersuites, dh parameters are not neccessary.
>
> This is not entire
On Wed, Oct 28, 2009 at 04:06:07PM +0300, Victor B. Wagner wrote:
> But for some setups, especially in OpenSSL 1.0, which supports EC
> ciphersuites, dh parameters are not neccessary.
This is not entirely accurately, one still needs to designate an ECDH
curve for ECDHE ciphers. Postfix co
in, and
rather require users to provide parameter set in the file, specified in
configuration.
But for some setups, especially in OpenSSL 1.0, which supports EC
ciphersuites, dh parameters are not neccessary. Set of ciphersuites can
be explicitely (or implicitely by providing only keys with
Am Montag, 3. November 2008 08:12:26 schrieb shivakumar Balur:
> HI All,
>
> when i tried to generate DH parameters using : openssl genpkey
> -genparam -algorithm DH -out dhp.pem -pkeyopt dh_paramgen_prime_len:1024
>
> ERROR:
> error: openssl:Error: 'genpkey' is
HI All,
when i tried to generate DH parameters using : openssl genpkey -genparam
-algorithm DH -out dhp.pem -pkeyopt dh_paramgen_prime_len:1024
ERROR:
error: openssl:Error: 'genpkey' is an invalid command.
Can any one help me in this or any other commands to generate DH paramete
Hello,
I'm trying to create a certificate that include my diffie-hellman parameters
and the public value of my RSA key.
I will sign the certificate using RSA.
My problem is: how can i include the DH parameters? they must stored in an
extension field? which functions can help me to do
How often should a server generate new DH parameters?
Is this a dumb question? Sorry if it is.
1. 36 hours isn't much time to wait for a response.
I forgot it was the weekend; I've been reading the
list for several weeks now and the questions that
get answered are answered quickly.
2.
On Tue, 25 Jan 2005 06:50 am, Michael D'Errico wrote:
> Michael D'Errico wrote:
> > How often should a server generate new DH parameters?
>
> Is this a dumb question? Sorry if it is.
1. 36 hours isn't much time to wait for a response.
2. You broke threading, rather
Michael D'Errico wrote:
How often should a server generate new DH parameters?
Is this a dumb question? Sorry if it is.
Mike
__
OpenSSL Project http://www.openssl.org
User Support Mailing
How often should a server generate new DH parameters?
Thanks,
Mike
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List
n key exchange does not authenticate the participants
Reference:
http://www.hack.gr/users/dij/crypto/overview/diffie.html
regards,
Prakash Babu
www.visolve.com
Olia Kerzhner <[EMAIL PROTECTED]> wrote:
Hi all,I have a question about DH parameters. From what Iunderstand, they can either b
60 matches
Mail list logo
