> [daniel-marsch...@viathinksoft.de - Wed Sep 12 14:14:40 2012]: > > Hello, I found out that the rsa keysize is limited. > Here is my script: http://www.viathinksoft.de/~daniel- > marschall/asn.1/rsa-keysize-check/openssl_rsa32768_bug/ > I cannot create a 32768 bits certificate which I want to create as > test certificate to find limits in the implementations of x509 > parsers. > >
This is intentional as excessively large key sizes can be used in DoS attacks. If you compile openssl with -DOPENSSL_RSA_MAX_MODULUS_BITS=<number> you can specify an alternative value to the default which is 16384 bits. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
