On Tue, Aug 14, 2012 at 3:00 PM, <no_spam...@yahoo.com> wrote: > Thank you for the information and links. > >> [stuff deleted] > >> >>> I'm probably missing something in the OpenSSL implementation. The >> documentation for SSL_CTX_set_tmp_dh_callback() says that the >> "tmp_dh_callback is called with the keylength needed..." But surely >> this can't be only 512 or 1024...? Is it up to the application to decide to >> use a larger key size based on the information from the SSL structure passed >> in? >> >> No, OpenSSL is doing things per the standards. The standards are the >> problem here. >> > > > I don't understand this comment. Are you suggesting that my application ONLY > use what OpenSSL supplies as the value of the "keylength" parameter? And NOT > use larger-than-1024-bit DH key sizes? > > Don't the standards and/or research suggest that larger key sizes SHOULD be > used when appropriate? The standards are sufficiently vague, and often [mildly] offends all parties. "OAuth 2.0 editor resigns and takes name off spec," http://www.h-online.com/open/news/item/OAuth-2-0-editor-resigns-and-takes-name-off-spec-1654984.html.
> I guess what I'm asking is: what is the proper method for using larger > ephemeral DH key sizes in OpenSSL? Ah, my bad. I'm not sure how to configure it on the client or the server. > What I'm envisioning is something like the following: if the cipher suite and > authentication key size info contained in the SSL structure require something > stronger than 1024-bit ephemeral DH keys, use something bigger. And perhaps > have an application override that can force the tmp_dh_callback to use > 1024-bit for backwards compatibility. > > Does this make any sense? Yes. > Or is the right answer not to use ephemeral DH cipher suites? The trade off > being the lack of PFS for a more consistent security level. No, DHE is good since it ensures forward secrecy. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org