> From: owner-openssl-us...@openssl.org On Behalf Of Sad Clouds
> Sent: Saturday, 10 April, 2010 10:56

> I'm testing a very simple SSL web server. Everything seems to work OK
> with RSA and DSA 1024-bit keys.
> I tried using DSA 2048-bit key and <snip>
> Then when I use Firefox to connect to the server I get:
> Thread starting
> keylength = 1024
> SSL_accept() error
> error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
> Any ideas why I'm getting decrypt error with OpenSSL? Is this related
> to the fact that the tmp_dh_callback() is passed 1024-bit key length,
> even though the certificate was set up with a 2048-bit key? Why does
> this happen?

This is an alert received by openssl in your server, *from* Firefox.
Either openssl is encrypting something improperly so Firefox can't 
decrypt it, which seems unlikely since you say later s_client works;
or FF is decrypting something wrong or perhaps just disliking it, 
in which case you probably need help from FF support/development.

There's no protocol reason the ephDH group has to be the same size 
as the DSA key/group that authenticates it, although for security 
good sense you probably want it to. The actual call to the callback 
is s3_srvr.c uses some macros to enforce 'export' restrictions 
on strength, which I don't understand in detail but it appears 
to me can limit your pubkey size to 1024 in at least some cases.
Maybe someone else is more familiar with this area.

Aside: do you really need this? FIPS 186-3 extended DSA to 2k and 3k, 
but SP 800-57 no longer approves classic DSA for USgovt use at all, 
even in the new sizes, it switches to ECDSA instead.

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to