On Thu, Sep 03, 2015 at 01:33:48PM +0000, Peter Gutmann wrote: > Georgi Guninski <[email protected]> writes: > > >Anyway, I would appreciate if someone checks if current implementations > >accept composite $q$. > > Well, I think the problem will be finding any implementation of this at all, > or at least any that's still around now. > > >What do you mean by DH certificate? > > The static DH parameters need to be turned into a certificate by a CA. I > don't know of any public CA that can issue these. > > Peter.
Well openessl appears to support dhparam: https://www.openssl.org/docs/manmaster/apps/dhparam.html (maybe one needs to patch the source). Maybe the same approach will work for DSA.
