From: owner-openssl-us...@openssl.org On Behalf Of Sad Clouds
Sent: Saturday, 10 April, 2010 10:56
I'm testing a very simple SSL web server. Everything seems to work OK
with RSA and DSA 1024-bit keys.
I tried using DSA 2048-bit key and snip
Then when I use Firefox to connect to the server I get:
keylength = 1024
error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
Any ideas why I'm getting decrypt error with OpenSSL? Is this related
to the fact that the tmp_dh_callback() is passed 1024-bit key length,
even though the certificate was set up with a 2048-bit key? Why does
This is an alert received by openssl in your server, *from* Firefox.
Either openssl is encrypting something improperly so Firefox can't
decrypt it, which seems unlikely since you say later s_client works;
or FF is decrypting something wrong or perhaps just disliking it,
in which case you probably need help from FF support/development.
There's no protocol reason the ephDH group has to be the same size
as the DSA key/group that authenticates it, although for security
good sense you probably want it to. The actual call to the callback
in s3_srvr.c uses some macros to enforce 'export' restrictions
on strength, which I don't understand in detail but it appears
to me can limit your pubkey size to 1024 in at least some cases.
Maybe someone else is more familiar with this area.
Aside: do you really need this? FIPS 186-3 extended DSA to 2k and 3k,
but SP 800-57 no longer approves classic DSA for USgovt use at all,
even in the new sizes; it switches to ECDSA instead.