Hmm ... "the default DH parameters that are used during the SSL/TLS handshake when ephemeral Diffie-Hellman (DHE) key exchange is used" so the documentation agrees that this is for the DHE.
But as mentioned so far I fail to put something in there that makes testssl to report 1024 bit. ./testssl.sh --pfs 10.253.194.137:443 ... DH group offered: RFC5114/2048-bit DSA group with 224-bit prime order subgroup (2048 bits) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841936 Title: Rebuild haproxy with openssl 1.1.1 will change features (bionic) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1841936/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
