On 2020-02-28 03:37, Salz, Rich via openssl-users wrote:
*>*Per section Supported Groups in RFC 8446 [1], FFDHE groups could be
supported.
I was wrong, sorry for the distraction.
As others have pointed out, it will be in the next (3.0) release.
Note that the group identifiers for the hardw
>Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported.
I was wrong, sorry for the distraction.
As others have pointed out, it will be in the next (3.0) release.
On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich wrote:
>
>- Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
>
>
>
> TLS 1.3 doesn’t have those groups.
>
Per section Supported Groups in RFC 8446 [1], FFDHE groups could be
supported.
enum {
/* Elliptic Curve Groups (ECDHE)
* Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
TLS 1.3 doesn’t have those groups.
FFDHE arrived quite late so it missed the window for being included in the
1.1.1 release and won't be added to it in a patch release as it is a new
feature.
FFDHE support is available in master so it will be part of the upcoming 3.0
release and it is already possible to test it using a development
I would have highlighted that OpenSSL 1.1.1d was being used in my testing.
On Thu, Feb 27, 2020 at 5:13 PM John Jiang wrote:
> Hi,
> It sounds FFDHE groups are already supported [1]
> But the tools, like s_client, also support them.
> Run the command: openssl s_client -tls1_3 -groups ffdhe2048 h
Hi,
It sounds FFDHE groups are already supported [1]
But the tools, like s_client, also support them.
Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
it just raised the issue: Error with command: "-groups ffdhe2048"
If using P-256 or X25519, it worked fine.
I also tried optio