> On 14 Jul 2015, at 19:39, Howard Chu <[email protected]> wrote:
>
> Jens Vagelpohl wrote:
>> I am now testing the actual DH parameter size used during a TLS connection
>> with instructions from https://bettercrypto.org/blog/2015/05/20/tls-logjam/
>> and it only shows DH parameter size 1024:
>>
>> <snip>
>> $ echo | openssl s_client -connect alias01.alias.ooo:636 -cipher "EDH" 2>/dev/null
>> … much output …
>> No client certificate CA names sent
>> Peer signing digest: SHA512
>> Server Temp Key: DH, 1024 bits
>> </snip>
>>
>> I was expecting "Server Temp Key: DH, 2048 bits". Am I just testing this the
>> wrong way or is there an issue with DH parameter configurations in OpenLDAP?
>
> What is your cert's public key size?

Hi Howard,
It’s 4096 bits:
<snip>
$ openssl x509 -in /etc/pki/tls/certs/NNN.crt -noout -text
… much output …
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
</snip>
jens
