> On Sep 26, 2022, at 11:47, Viktor Dukhovni wrote:
>
> On Mon, Sep 26, 2022 at 10:46:40AM -0400, Felipe Gasper wrote:
>
>>> The security levels are documented. You can set the security level
>>> in the cipher string:
>>>
>>> DEFAULT:@SECLEVEL=1
>>>
>>> or via the API.
>>
>> Ahh, OK.
On Mon, Sep 26, 2022 at 10:46:40AM -0400, Felipe Gasper wrote:
> > The security levels are documented. You can set the security level
> > in the cipher string:
> >
> >DEFAULT:@SECLEVEL=1
> >
> > or via the API.
>
> Ahh, OK. Indeed, when I set that as the cipher string the error goes away.
> On Sep 26, 2022, at 10:01, Viktor Dukhovni wrote:
>
> On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote:
>
>> OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes.
>
> No such change was made. Perhaps your OS distribution has bumped the
> default (TLS)
On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote:
> OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes.
No such change was made. Perhaps your OS distribution has bumped the
default (TLS) security level from 1 (80-bit or more) to 2 (~112 bit or
more). You can
Hello,
OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key
sizes.
Is the new minimum key size queryable? It appears to be 2,048, but in
the event that that changes again I’d ideally love just to grab that value from
OpenSSL itself rather than hard-coding it.
