On Sun, Sep 21, 2025 at 09:57:53PM +1000, Viktor Dukhovni via Postfix-users wrote:
> > $ openssl dhparam -out /etc/postfix/dh3072.pem 3072 > > $ postconf -e smtpd_tls_dh1024_param_file=/etc/postfix/dh3072.pem > > You could do that, but this does not quite get you the group they/you > really want, you want the actual prime used in the RFC. For that, with > OpenSSL 3.x, you'd instead use: > > $ openssl genpkey -genparam -algorithm dh -pkeyopt group:ffdhe3072 > -----BEGIN DH PARAMETERS----- > MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz > +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a > 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 > YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi > 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD > ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3 > 7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32 > nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu > N///////////AgEC > -----END DH PARAMETERS----- > > This does not get you the optimised performance of using a 275-bit > private exponent, but you can probably afford the overhead. > > https://datatracker.ietf.org/doc/html/rfc7919#section-5.2 Actually, I was mistaken, somehow OpenSSL knows to generate the reasonably shorter private exponents for this group: $ openssl genpkey -genparam -algorithm dh -pkeyopt group:ffdhe3072 -out /tmp/dhp3072.pem $ openssl genpkey -paramfile /tmp/dhp3072.pem | openssl asn1parse -i 0:d=0 hl=4 l= 453 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=4 l= 407 cons: SEQUENCE 11:d=2 hl=2 l= 9 prim: OBJECT :dhKeyAgreement 22:d=2 hl=4 l= 392 cons: SEQUENCE 26:d=3 hl=4 l= 385 prim: INTEGER :FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF97D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD65612433F51F5F066ED0856365553DED1AF3B557135E7F57C935984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE73530ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FBB96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB190B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F619172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD733BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C023861B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91CAEFE130985139270B4130C93BC437944F4FD4452E2D74DD364F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0DABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF 415:d=3 hl=2 l= 1 prim: INTEGER :02 418:d=1 hl=2 l= 37 prim: OCTET STRING [HEX DUMP]:0223065890795DEF26EE0715ADBAC9C09007E34A92DF057D295E312D4E323C738D46B1117E $ openssl genpkey -paramfile /tmp/dhp3072.pem | openssl asn1parse -i -strparse 418 0:d=0 hl=2 l= 35 prim: INTEGER :04D42F2698EF44CFB6C30F9E5576C32607792936BE03B9B7007D4AEA55F580E059019F That integer is 3 bits + 34 bytes, or 275 bits. If instead I generate a random 3072-bit Sophie-Germain safe prime parameter set and private key, the private exponent is much larger. $ openssl genpkey -genparam -algorithm dh -pkeyopt pbits:3072 -out /tmp/dhp3072.pem $ openssl genpkey -paramfile /tmp/dhp3072.pem | openssl asn1parse -i -strparse 418 0:d=0 hl=4 l= 384 prim: INTEGER :7C9A32E604335EB9BB73ED11BAF7C45075931E837D962296DD601942E0FE10B7AC1B89A081FE22EA9B34417F9C24F22D8E72AF77C67A0896565699A87A6B72AE51A5A882A2CF9A193BF6D1053D06C35D5858C5F34029EDE27DC35E5541A8BFCC90C2269C6F7845D210567AFAACD4C9C90DDBB3E47F877843FC9F644A48A11454A644E6DE1535969E96BE5ED88A0EEB4FA39DCC3670324F9EC625428DB151EC2A607B2F4865DA52BA0E1D58115195F3F19368B50BF98A525806B200389DC6D2FF55FD2AB324DAB7BAD5751C4B71CD8F17595BCD0D21DED6B68B69C11782D440AF7F356947F4ABCFF0EBB00F49B26B2800E4A87D3B2AA6333DA9697CD8D11F8DCD05E2ABF4756D2AF6BF9C054971A4C82B6CE6C270D8FF06E5022CD331CA6302731152D7DC3627C9C69600D825B866E8BD2BA265AC4F08CB17AADA4D8909BD2DCA72312EAC0B1E97A37E25264AF4F125849C6D476C11890EDA2979E7A8BAF3992FCFAC9DAF8DEB9089B76F2FC5AAA8646BBAF5A4BA657D53853641B0F7D21EDC6C This time 384 bytes or 3072 bits as expected. So it looks like the named DH groups are recognised automatically during keygen and corresponding more efficient private keys are generated on both ends of the connection. -- Viktor. 🇺🇦 Слава Україні! _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
