Re: key size 384 gives problem on server

Pradeep Kamath Thu, 22 Mar 2001 19:40:14 -0800
Hello all,
    Greg, I guess 384 is too small...I tried with
400..even that gave problems...with 500,512,1000,1024
there were no problems..
Does anyone know what would be a safe lower-limit?

TIA,
Pradeep
--- Greg Stark <[EMAIL PROTECTED]> wrote:
> 384 bits is too small to be secure, and too small to
> hold the encrypted
> pre-master secret + PKCS#1 padding. The browser
> should really refuse to make
> such a connection anyway. I wouldn't be surprised if
> you just bumbled onto a
> bug in Netscape.
> 
> use 1024-bit or larger moduli.
> 
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
> 
> 
> 
> ----- Original Message -----
> From: "Pradeep Kamath" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 22, 2001 11:40 AM
> Subject: key size 384 gives problem on server
> 
> 
> > Hello ,
> >    Iam using "openssl req" command to generate a
> > private key and certificate request for a
> > pache-nod_ssl server. Here I have to specify the
> > keysize in bits...if a keysize less than 384 is
> given
> > openssl reports that the size should atleast be
> 384.
> > If a size of 384 is given the key and certificate
> > request are successfully generated..a certificate
> can
> > also be got using this certificate request.
> > But when this certificate and 384 bit key are used
> on
> > a server,a browser trying to connect to this
> secure
> > apache server is not able to connect...Netscape
> > browser reports "an I/O error occured during
> security
> > authorization"
> >
> > A part of the apache error_log is as follows:
> >
> > OpenSSL: error:1408B076:SSLroutines:SSL3_GET
> > _CLIENT_KEY_EXCHANGE:bad rsa decrypt
> > OpenSSL: error:04065072:rsaroutines:RSA_EAY_
> > PRIVATE_DECRYPT:padding check failed
> >
> > Can anybody suggest what is wrong?
> >
> > TIA,
> > Pradeep
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get email at your own domain with Yahoo! Mail.
> > http://personal.mail.yahoo.com/
> >
>
______________________________________________________________________
> > OpenSSL Project                                
> http://www.openssl.org
> > User Support Mailing List                   
> [EMAIL PROTECTED]
> > Automated List Manager                          
> [EMAIL PROTECTED]
> 
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> [EMAIL PROTECTED]
> Automated List Manager                          
[EMAIL PROTECTED]


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: key size 384 gives problem on server

Reply via email to
