The docs for SSL_CTX_set_tmp_dh_callback(3) (https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_tmp_dh_callback.html) and friends state the functions are called for DH parameter selection. They fail to state they are only called in servers, and not clients.
Please update the docs to make it clear they are server-only functions. It might be helpful to tell users there are currently no client-based APIs they can use to enforce a DH minimum. Also see "How to reject weak DH parameters in an OpenSSL client?" (http://stackoverflow.com/q/32947040) on Stack Overflow and "How to enforce DH field size in the client?" (http://openssl.6102.n7.nabble.com/How-to-enforce-DH-field-size-in-the-client-td60442.html) on the User's mailing list.
