On Wed, Mar 26, 2003, Asad Ali wrote:
>
> Hi,
>
> I am experimenting with the minimum RSA key length allowed
> by TLS 1.0. What I gather from reading the specification is
> that it is left to applications to enforce minimum/maximum
> lengths - please correct me if this is not the case.
>
There are various minimum limitations based on the protocol requirements of TLS. For example, in static RSA ciphersuites it must be possible to encrypt the pre-master secret using the server's public key. The PMS is 48 bytes in length and the PKCS#1 padding overhead is 11 bytes, effectively making the absolute minimum 59 * 8 = 472 bits.

For client certificates, or for ciphersuites where server certificates sign data, it must be able to contain the combined SHA1+MD5 hash, and with the overhead again this is 20+16+11 = 47 bytes, or 376 bits.

Steve.
-- 
Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
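The two minimums in Steve's reply worked through in code, as an added example that is not part of the original thread: a PKCS#1 v1.5 (RFC 2313, section 8.1) block formatter that refuses a modulus too small for its payload, applied to the 48-byte pre-master secret (block type 2, encryption) and the 36-byte MD5||SHA-1 value that TLS 1.0 signs raw (block type 1). The constants and function names are my own, and the sample PMS is constructed.

```python
import os

PMS_LEN = 48                  # TLS 1.0 pre-master secret: 2 version bytes + 46 random bytes
TLS10_SIG_INPUT_LEN = 16 + 20 # MD5 || SHA-1, signed without a DigestInfo wrapper in TLS 1.0
PKCS1_V15_OVERHEAD = 11       # 0x00 || BT || PS (at least 8 bytes) || 0x00

def pkcs1_v15_pad(message: bytes, k: int, block_type: int) -> bytes:
    """Return the encryption block EB = 00 || BT || PS || 00 || D for a k-byte modulus.

    block_type 1 is signature padding (PS = 0xFF bytes); block_type 2 is encryption
    padding (PS = random non-zero bytes). A ValueError signals that the modulus is too
    small, i.e. len(message) > k - 11, which is exactly the limit quoted in the reply.
    """
    if block_type not in (1, 2):
        raise ValueError("block type must be 1 or 2")
    ps_len = k - 3 - len(message)
    if ps_len < 8:
        need = len(message) + PKCS1_V15_OVERHEAD
        raise ValueError(f"{len(message)}-byte payload needs a {need}-byte modulus, got {k}")
    if block_type == 1:
        ps = b"\xff" * ps_len
    else:
        ps = b""
        while len(ps) < ps_len:  # draw random bytes and drop any zero, which would end PS early
            ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00" + bytes([block_type]) + ps + b"\x00" + message

def min_modulus_bits(payload_len: int) -> int:
    """Smallest RSA modulus (in bits) that can carry payload_len bytes under PKCS#1 v1.5."""
    return (payload_len + PKCS1_V15_OVERHEAD) * 8

def smallest_working_k(payload_len: int, block_type: int) -> int:
    """Cross-check min_modulus_bits by trial: the first k (bytes) that pkcs1_v15_pad accepts."""
    k = payload_len
    while True:
        try:
            pkcs1_v15_pad(b"\x00" * payload_len, k, block_type)
            return k
        except ValueError:
            k += 1

if __name__ == "__main__":
    print("static RSA key exchange:", min_modulus_bits(PMS_LEN), "bits")          # 472
    print("TLS 1.0 RSA signature:  ", min_modulus_bits(TLS10_SIG_INPUT_LEN), "bits")  # 376
```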