Hello everybody, I'm trying to force openssl s_server to use DH p parameter of 2048 bits length, but I can't find the way to do it. I've noticed that the length of p parameter depends on chosen cipher. For example, if I'm using DHE_PSK_WITH_AES_128_CBC_SHA256 the length of p parameter is 1024 bits, but if I'm using DHE_PSK_WITH_AES_256_CBC_SHA384 the length is 3072 bits.
I've tried to generate DH parameters PEM file by the following command: *openssl genpkey -genparam -algorithm DH -out /tmp/test_dh_params.pem -pkeyopt dh_paramgen_prime_len:2048* And to load the file to s_server by: *openssl s_server -state -trace -dhparam /tmp/test_dh_params.pem -accept 443 -psk 1a2b3c4d -nocert* But I'm getting an error: *Error with command: "-dhparam /tmp/test_dh_params.pem"* Is there an easy way to do what I'm trying to do? Any help would be appreciated. Best regards.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
