Re: Problems with DSA 2048-bit keys
On Sun, 11 Apr 2010 23:29:27 -0400 Dave Thompson dave.thomp...@princetonpayments.com wrote: Aside: do you really need this? FIPS 186-3 extended DSA to 2k and 3k, but SP 800-57 no longer approves classic DSA for USgovt use at all, even in the new sizes, it switches to ECDSA instead. I probably don't need DSA, I was testing different algorithms and key sizes for client/server interoperability reasons. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Problems with DSA 2048-bit keys
From: owner-openssl-us...@openssl.org On Behalf Of Sad Clouds Sent: Saturday, 10 April, 2010 10:56 I'm testing a very simple SSL web server. Everything seems to work OK with RSA and DSA 1024-bit keys. I tried using DSA 2048-bit key and snip Then when I use Firefox to connect to the server I get: Thread starting keylength = 1024 SSL_accept() error error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error Any ideas why I'm getting decrypt error with OpenSSL? Is this related to the fact that the tmp_dh_callback() is passed 1024-bit key length, even though the certificate was set up with a 2048-bit key? Why does this happen? This is an alert received by openssl in your server, *from* Firefox. Either openssl is encrypting something improperly so Firefox can't decrypt it, which seems unlikely since you say later s_client works; or FF is decrypting something wrong or perhaps just disliking it, in which case you probably need help from FF support/development. There's no protocol reason the ephDH group has to be the same size as the DSA key/group that authenticates it, although for security good sense you probably want it to. The actual call to the callback is s3_srvr.c uses some macros to enforce 'export' restrictions on strength, which I don't understand in detail but it appears to me can limit your pubkey size to 1024 in at least some cases. Maybe someone else is more familiar with this area. Aside: do you really need this? FIPS 186-3 extended DSA to 2k and 3k, but SP 800-57 no longer approves classic DSA for USgovt use at all, even in the new sizes, it switches to ECDSA instead. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Problems with DSA 2048-bit keys
On Sat, 10 Apr 2010 15:55:38 +0100 Sad Clouds cryintotheblue...@googlemail.com wrote: I'm testing a very simple SSL web server. Everything seems to work OK with RSA and DSA 1024-bit keys. I tried using DSA 2048-bit key and now I'm getting errors: Maybe it's just the Firefox issue, trying 'openssl s_clien ...' results in a negotiated SSL connection: New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA Server public key is 2048 bit Compression: NONE Expansion: NONE ... GET / HTTP/1.1 HTTP/1.1 200 OK Content-type: text/plain Content-length: 25 Sat Apr 10 16:24:27 2010 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Problems with DSA 2048-bit keys
On Sat, 10 Apr 2010 15:55:38 +0100 Sad Clouds cryintotheblue...@googlemail.com wrote: On the server side I set up a callback function for DH parameters: Could someone explain to me the relationship between DH parameters and DSA key lengths? For example, with larger keys, do I need to load larger DH parameters? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org