On Thu, 2014-03-13 at 22:52 +0100, Stephen Henson via RT wrote:
> On Thu Mar 13 20:12:38 2014, d...@fifthhorseman.net wrote:
> > This is a hard-coded patch to make OpenSSL clients reject connections
> > which use DHE handshakes with < 1024 bits.
>
> I should've commented on this before, sorry. I'm currently working on a
> framework where several security parameters can be configured at both compile
> time and runtime, including DH parameter sizes. It's still under development
> at present though. I'll commit it to the master branch when it's more stable.

In the new Fedora we will try system-wide configuration parameters for all crypto libraries (patch [0] was along that line), so such a change is very good news. It would be nice if that branch was public for comments or so, but otherwise, it would be ideal if such parameters could be set using a cipher string.

regards,
Nikos

[0]. http://comments.gmane.org/gmane.comp.encryption.openssl.devel/23920

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org