Hello,

If it happens, the two peers will not derive the same key, which will make further encrypted messages undecipherable by the peer.

But the correct protocol includes parameter exchange (generator and modulus), and those are also included in the EVP_PKEY objects. In particular, you must transmit parameters each time you use ephemeral DH, or those can be public anyway, for example through a certificate.

I did not find such sanity checks in key derivation functions, so I guess you have to be careful.

Best regards
Nicolas

----- Original message -----
From: "Francis GASCHET" <f...@numlog.fr>
To: openssl-users@openssl.org
Sent: Monday 22 September 2014 14:30:00
Subject: TLS : DH groups

Hello,

When we create DH parameters we have to specify the group (2 or 5).
What happens if both sides of the connection don't use the same group?

Best regards,
--
Francis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
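
The mismatch described in the reply above, as an added example that is not part of the original thread and is not OpenSSL code: two peers share a modulus but use generators 2 and 5, and a caller-side parameter comparison rejects the exchange before any key is derived. `DHParams`, `DHKey`, `derive_unchecked` and `derive_checked` are hypothetical names, and the modulus is a constructed toy value.

```python
from dataclasses import dataclass

# Constructed toy modulus (assumption): 1019 = 2*509 + 1 is a safe prime,
# far too small for real use, but it keeps the arithmetic readable.
P = 1019

@dataclass(frozen=True)
class DHParams:      # hypothetical stand-in for the parameters held in an EVP_PKEY
    p: int           # modulus
    g: int           # generator, the "2 or 5" choice from the question

@dataclass(frozen=True)
class DHKey:         # hypothetical: parameters plus a private exponent
    params: DHParams
    priv: int

    @property
    def pub(self) -> int:
        return pow(self.params.g, self.priv, self.params.p)

class ParameterMismatch(ValueError):
    """Raised when the peer's (p, g) differ from ours."""

def derive_unchecked(own: DHKey, peer_pub: int) -> int:
    # Raw derivation: only our own modulus is used, the peer's group is never inspected.
    return pow(peer_pub, own.priv, own.params.p)

def derive_checked(own: DHKey, peer_params: DHParams, peer_pub: int) -> int:
    # Caller-side sanity check performed before deriving anything.
    if peer_params != own.params:
        raise ParameterMismatch(f"peer uses {peer_params}, we use {own.params}")
    if not 2 <= peer_pub <= own.params.p - 2:
        raise ValueError("peer public value out of range")
    return derive_unchecked(own, peer_pub)

def demo() -> dict:
    alice = DHKey(DHParams(P, 2), priv=123)
    bob_g2 = DHKey(DHParams(P, 2), priv=456)   # same group as Alice
    bob_g5 = DHKey(DHParams(P, 5), priv=456)   # same modulus, other generator
    same = (derive_checked(alice, bob_g2.params, bob_g2.pub)
            == derive_checked(bob_g2, alice.params, alice.pub))
    # Without the check both sides "succeed" silently but hold different secrets
    # (guaranteed here: p is a safe prime and both exponents are below q = 509).
    mixed = derive_unchecked(alice, bob_g5.pub) == derive_unchecked(bob_g5, alice.pub)
    try:
        derive_checked(alice, bob_g5.params, bob_g5.pub)
        rejected = False
    except ParameterMismatch:
        rejected = True
    return {"same_group_agree": same, "mixed_group_agree": mixed,
            "checked_rejects_mismatch": rejected}
```

Calling `demo()` returns the three outcomes: agreement with identical parameters, silent disagreement without the check, and an explicit rejection with it.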