Re: Problems with DSA 2048-bit keys

2010-04-12 Thread Sad Clouds
On Sun, 11 Apr 2010 23:29:27 -0400 Dave Thompson dave.thomp...@princetonpayments.com wrote: Aside: do you really need this? FIPS 186-3 extended DSA to 2k and 3k, but SP 800-57 no longer approves classic DSA for USgovt use at all, even in the new sizes, it switches to ECDSA instead. I

RE: Problems with DSA 2048-bit keys

2010-04-11 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Sad Clouds Sent: Saturday, 10 April, 2010 10:56 I'm testing a very simple SSL web server. Everything seems to work OK with RSA and DSA 1024-bit keys. I tried using DSA 2048-bit key and snip Then when I use Firefox to connect to the server

Problems with DSA 2048-bit keys

2010-04-10 Thread Sad Clouds
I'm testing a very simple SSL web server. Everything seems to work OK with RSA and DSA 1024-bit keys. I tried using DSA 2048-bit key and now I'm getting errors: # Generate DSA parameters openssl dsaparam -out dsa_param.pem -outform PEM 2048 # Generate a certificate request openssl req -newkey

Re: Problems with DSA 2048-bit keys

2010-04-10 Thread Sad Clouds
On Sat, 10 Apr 2010 15:55:38 +0100 Sad Clouds cryintotheblue...@googlemail.com wrote: I'm testing a very simple SSL web server. Everything seems to work OK with RSA and DSA 1024-bit keys. I tried using DSA 2048-bit key and now I'm getting errors: Maybe it's just the Firefox issue, trying

Re: Problems with DSA 2048-bit keys

2010-04-10 Thread Sad Clouds
On Sat, 10 Apr 2010 15:55:38 +0100 Sad Clouds cryintotheblue...@googlemail.com wrote: On the server side I set up a callback function for DH parameters: Could someone explain to me the relationship between DH parameters and DSA key lengths? For example, with larger keys, do I need to load