Given the current state of the art, a 4K RSA is not a security flaw. Maybe in the future it will be, but not now. And it's not a serious flaw, because you are changing the source code on one side and expecting the other side to work without similar changes.
Saying "1-2 seconds it not a lot for the handshake" is naïve. It is quite a lot if that server handles 1000 connections per second. :) Changing OpenSSL so that the maximum keysize can be specified at run-time is a nice enhancement. It's not on anyone's plate at the moment, so if you have time a patch would be useful. I understand the GNU philosophy of no arbitrary limits. But keysize isn't the same thing as line-length, and other factors such as CPU cost must be considered. I recommend you close this as WONTFIX. -- Senior Architect, Akamai Technologies IM: [email protected] Twitter: RichSalz -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

