On Wed, Mar 03, 2021 at 04:14:17PM +0530, Vadivel P wrote:
> Hi OpenSSL team,
>
> We are looking for the command line option or any other way to increase the
> DHE G Parameter length to 256 bytes, by default it's 2 now, we need to
> modify it as 256 byte on the server side for our testing either by command
> line or with any other option. We need it for our local server bring up.
> Please support us.

The default generator is the value 2, not 2 bytes. And if you really need to generate your own DHE keys, using the generator 2 makes perfect sense. Using a larger generator does not add any security, it just makes it slower. But I really suggest that you use standardized parameters like the ones from RFC7919. Note that all the generators in that RFC also use 2 as the generator. OpenSSL has no support for generating safe primes with a 256 byte/2048 bit generator.
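
An added illustration, not part of the original message and not OpenSSL code: for a safe prime p = 2q + 1, any generator other than 1 and p - 1 has order q or 2q, so a multi-byte generator lands in the same subgroup as the value 2. The 64-bit prime and the large generator `BIG_G` are constructed for the demonstration; a real server would use an RFC 7919 group.

```python
# Constructed demonstration values only; far too small for real use.

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 2**64."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:                      # quick trial division
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # a is a witness: n is composite
    return True

def find_safe_prime(bits=64):
    """First safe prime p = 2q + 1 above 2**(bits-1) with p % 8 == 7."""
    p = (1 << (bits - 1)) + 7            # p % 8 == 7 makes 2 a quadratic residue
    while not (is_prime(p) and is_prime((p - 1) // 2)):
        p += 8
    return p

def element_order(g, p):
    """Order of g modulo a safe prime p: it can only be 1, 2, q or 2q."""
    q = (p - 1) // 2
    for d in (1, 2, q, 2 * q):
        if pow(g, d, p) == 1:
            return d

def byte_len(n):
    """Number of bytes needed to encode the integer n."""
    return (n.bit_length() + 7) // 8

P = find_safe_prime()
Q = (P - 1) // 2
BIG_G = pow(3, 0xC0FFEE, P)              # constructed multi-byte generator

if __name__ == "__main__":
    for name, g in (("2", 2), ("BIG_G", BIG_G)):
        print(name, "bytes:", byte_len(g), "order == q:", element_order(g, P) == Q)
```
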