> From: owner-openssl-us...@openssl.org On Behalf Of Sad Clouds
> Sent: Saturday, 10 April, 2010 10:56

> I'm testing a very simple SSL web server. Everything seems to work OK
> with RSA and DSA 1024-bit keys.
>
> I tried using DSA 2048-bit key and
<snip>
> Then when I use Firefox to connect to the server I get:
>
> Thread starting
> keylength = 1024
> SSL_accept() error
> error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
>
> Any ideas why I'm getting decrypt error with OpenSSL? Is this related
> to the fact that the tmp_dh_callback() is passed 1024-bit key length,
> even though the certificate was set up with a 2048-bit key? Why does
> this happen?

This is an alert received by openssl in your server, *from* Firefox.
Either openssl is encrypting something improperly so Firefox can't
decrypt it, which seems unlikely since you say later s_client works;
or FF is decrypting something wrong or perhaps just disliking it,
in which case you probably need help from FF support/development.

There's no protocol reason the ephDH group has to be the same size
as the DSA key/group that authenticates it, although for security
good sense you probably want it to. The actual call to the callback
in s3_srvr.c uses some macros to enforce 'export' restrictions on
strength, which I don't understand in detail but it appears to me
can limit your pubkey size to 1024 in at least some cases.
Maybe someone else is more familiar with this area.

Aside: do you really need this? FIPS 186-3 extended DSA to 2k and 3k,
but SP 800-57 no longer approves classic DSA for USgovt use at all,
even in the new sizes; it switches to ECDSA instead.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
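
Added example, not part of the original message and not OpenSSL's own code: a small Python decoder for the packed error code in the log line quoted above, showing how to tell an alert received from the peer apart from an error raised locally. It assumes the OpenSSL 1.x (pre-3.0) error layout of 8-bit library, 12-bit function and 12-bit reason; the function name `decode_openssl_error` and the second sample line are introduced here for illustration.

```python
import re

# Assumption: OpenSSL 1.x (pre-3.0) packing, ERR_PACK(lib, func, reason):
# 8-bit library, 12-bit function, 12-bit reason.
ERR_LIB_SSL = 20
# In the SSL library, reason codes of 1000 and above mean
# "this alert number was received from the peer".
SSL_AD_REASON_OFFSET = 1000

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 47: "illegal_parameter", 48: "unknown_ca",
    50: "decode_error",
    51: "decrypt_error",  # a handshake cryptographic operation failed
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(line):
    """Split an 'error:XXXXXXXX:...' line into lib/func/reason fields.

    Returns None if the line carries no packed error code. 'peer_alert' is
    (number, name) when the reason encodes an alert sent by the remote side,
    otherwise None (the error was raised by the local library).
    """
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    out = {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF,
           "reason": code & 0xFFF, "peer_alert": None}
    if out["lib"] == ERR_LIB_SSL and out["reason"] >= SSL_AD_REASON_OFFSET:
        alert = out["reason"] - SSL_AD_REASON_OFFSET
        out["peer_alert"] = (alert, TLS_ALERTS.get(alert, "unknown"))
    return out


if __name__ == "__main__":
    samples = [
        # Line quoted in the message above.
        "error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error",
        # Sample added for contrast: an error generated locally by the server.
        "error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher",
    ]
    for s in samples:
        print(decode_openssl_error(s))
```
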