Hi, This is related to an old discussion from 2002: http://www.mail-archive.com/[email protected]/msg11453.html . I've noticed (while using nodejs) that DH_check in OpenSSL returns DH_NOT_SUITABLE_GENERATOR for the 2nd Oakley Group described in RFC 2412. The problem is related to the fact that 2 is not actually a generator for the group - it only generates one half of all residues. If generator is 2, DH_check checks if the prime number is congruent to 11 mod 24. For the 2nd Oakley Group it is 23 and so DH_NOT_SUITABLE_GENERATOR is returned. A similar situation arises for the 1st Oakley Group. Shouldn't it be fixed? Not only RFC 2412 mentions that actually "from a cryptographic viewpoint, this is a virtue", but also this group seems to be quite popular (cf. SSH protocol). The returned flag is therefore misleading.
Regards, Tomasz Buchert ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
