Hi Everyone,

Based on the docs for SSL_CTX_set_tmp_dh_callback(3), the callback is supposed to be invoked for DH parameter selection. The docs also avoid/fail to state it's a server-only feature, so it's not clear to me if the client is able to use it.

It appears SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback are not invoked at the client when the temporary public key is selected, so there does not appear to be a way to query the field size and fail the connection.

Are clients supposed to be informed of DH parameter selection via SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback? Or is there another method available? At the client, how do we enforce minimum Diffie-Hellman field sizes?

Jeff
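
An added example, not part of the original post and not OpenSSL code: the client-side field-size check the question asks about, applied directly to the ServerDHParams bytes of a TLS 1.2 DHE ServerKeyExchange (dh_p, dh_g, dh_Ys, each with a 2-byte length prefix). The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit length of a big-endian unsigned integer; leading zero bytes/bits do not count. */
static size_t be_bit_length(const uint8_t *p, size_t len) {
    while (len > 0 && *p == 0) { p++; len--; }
    if (len == 0) return 0;
    size_t bits = len * 8;
    for (uint8_t top = *p; (top & 0x80) == 0; top <<= 1) bits--;
    return bits;
}

/* Read one opaque<1..2^16-1> vector at *off and advance *off. Returns 0 on success. */
static int read_vec16(const uint8_t *buf, size_t len, size_t *off,
                      const uint8_t **out, size_t *out_len) {
    if (len - *off < 2) return -1;
    size_t n = ((size_t)buf[*off] << 8) | buf[*off + 1];
    *off += 2;
    if (n == 0 || n > len - *off) return -1;   /* empty or truncated vector */
    *out = buf + *off; *out_len = n; *off += n;
    return 0;
}

/* Returns the bit length of dh_p when the params parse and p >= min_bits,
 * otherwise 0 (the caller should then fail the handshake). */
size_t check_dh_params(const uint8_t *skx, size_t len, size_t min_bits) {
    const uint8_t *p, *g, *ys; size_t pl, gl, yl, off = 0;
    if (read_vec16(skx, len, &off, &p, &pl) || read_vec16(skx, len, &off, &g, &gl) ||
        read_vec16(skx, len, &off, &ys, &yl)) return 0;
    size_t bits = be_bit_length(p, pl);
    if (be_bit_length(ys, yl) > bits) return 0;  /* cheap sanity check: Ys has more bits than p */
    return bits >= min_bits ? bits : 0;
}

/* Constructed sample: p is p_bytes of 0xFF (not a real prime), g = 2, Ys = 4. */
size_t make_sample(uint8_t *out, size_t p_bytes) {
    size_t o = 0;
    out[o++] = (uint8_t)(p_bytes >> 8); out[o++] = (uint8_t)p_bytes;
    for (size_t i = 0; i < p_bytes; i++) out[o++] = 0xFF;
    out[o++] = 0; out[o++] = 1; out[o++] = 2;    /* dh_g  */
    out[o++] = 0; out[o++] = 1; out[o++] = 4;    /* dh_Ys */
    return o;
}

int main(void) {
    uint8_t buf[600];
    size_t n = make_sample(buf, 128);            /* 1024-bit field */
    printf("1024-bit p vs 2048-bit floor: %zu\n", check_dh_params(buf, n, 2048));
    return 0;
}
```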