Bodo Moeller wrote:
>
> Export ciphersuites limit DH prime size to 512 bits, otherwise 1024
> bits are reasonable. I don't know of any export-crippled software
> that even supports DH ciphersuites, so you only need parameters with
> 1024 bit primes.
I've only come across one myself: Suns HotJava browser and associated
SSL library. However at the time it used an incompatible DSA signature
format: the "third way" :-) so it wouldn't work without patching OpenSSL
anyway.
I haven't tried it since.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
