I had to
reduce our
keys to
4096 to be
able to
use client
authentication
with
Apache. I
hope this
bug will
be fixed.
At least
root CA
and
intermediate
CAs can be
longer.
Marc
Fauser
__
OpenSSL Project
When using client certificates with very large RSA key lengths, the SSL
handshake fails with "excessive message size" errors.
Reason: the maximum permitted size for the key is hardcoded to 512 bytes
in ssl3_get_cert_verify() (call to ssl3_get_message()).
This fails for 4096bit RSA keys due to the
Since raising the length of our keys to 4096, we are now suffering
with this problem and wondered if any resolution was being worked on?
Best regards,
Mark.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mark Johnston - [EMAIL PROTECTED]
Systems Support
University of Southampton
__
