Largest accepted client key exchange message length seems to be set to 2048 
bytes.
Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes of 
pure crypto payload, plus a few bytes of overhead).

OpenSSL is too conservative here.

Regards,
Erwann Abalea

On 21 Jul 2016, at 10:32, Gupta, Saurabh <saurabh.gu...@cavium.com> wrote:

I'm facing this issue with the openssl-1.0.2e/g/h versions.

Run openssl server: Used 16K Certificate and Key
./openssl s_server -cert sercert16384.pem -key server16384

Run openssl client:
./openssl s_client -connect <server_ip>:port_number -cipher AES128-SHA -tls1

ERROR

139812135450280:error:1408E098:SSL routines:ssl3_get_message:excessive message size:s3_both.c:417:


This error occurs when using AES128-SHA as the cipher with the tls1/1_1/1_2 
protocols. It works fine with the ssl3 protocol.

Note:
1. I didn't face this issue with the openssl-1.0.1p/e versions.

Can you please confirm whether this is a known issue?
If it is a known issue, can you please share the fix?

Regards,
Saurabh
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
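
The length check discussed in this thread, as an added example (not code from the thread or from OpenSSL): it frames an RSA ClientKeyExchange for a given key size and compares the handshake body length with the 2048-byte limit quoted in the reply. It assumes the overhead is the 2-byte length prefix that TLS 1.0 and later put before the RSA ciphertext (RFC 5246, section 7.4.7.1) and that SSLv3 omits; all function names are illustrative.

```python
import struct

# Limit taken from the reply above: largest accepted ClientKeyExchange body.
MAX_CKE_BODY = 2048
CLIENT_KEY_EXCHANGE = 16  # handshake message type (RFC 5246, section 7.4)


def rsa_cke_message(modulus_bits, tls_encoding):
    """Build a handshake message carrying a dummy RSA-encrypted premaster secret.

    The RSA ciphertext is as long as the modulus. TLS 1.0 and later prefix it
    with a 2-byte length (assumed to be the overhead meant above); SSLv3 sends
    the ciphertext bare.
    """
    ciphertext = b"\x00" * ((modulus_bits + 7) // 8)  # constructed placeholder bytes
    prefix = struct.pack("!H", len(ciphertext)) if tls_encoding else b""
    body = prefix + ciphertext
    # Handshake header: 1-byte type followed by a 24-bit big-endian body length.
    return bytes([CLIENT_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def check_message(message, max_body=MAX_CKE_BODY):
    """Parse the handshake header and apply a maximum-length check.

    Returns (body_length, accepted).
    """
    if len(message) < 4:
        raise ValueError("truncated handshake header")
    body_len = int.from_bytes(message[1:4], "big")
    if len(message) - 4 != body_len:
        raise ValueError("body length does not match header")
    return body_len, body_len <= max_body


def largest_accepted_modulus(tls_encoding, max_body=MAX_CKE_BODY):
    """Largest RSA modulus size in bits whose key exchange fits the limit."""
    overhead = 2 if tls_encoding else 0
    return (max_body - overhead) * 8


if __name__ == "__main__":
    for bits in (4096, 8192, 16384):
        for tls in (False, True):
            length, ok = check_message(rsa_cke_message(bits, tls))
            label = "TLS" if tls else "SSLv3"
            verdict = "accepted" if ok else "excessive message size"
            print(f"RSA-{bits:<5} {label:<5} body={length:<4} {verdict}")
```

Under these assumptions a 16384-bit key produces a 2048-byte body with the SSLv3 encoding and a 2050-byte body with the TLS encoding, which matches the behaviour reported in the original message.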
