On 11/07/2013 09:15 AM, Kurt Roeckx wrote:
I filed a ticket about this ealier (#3120)
You can see the discussion about that here:
http://openssl.6102.n7.nabble.com/openssl-org-3120-Minimum-size-of-DH-td46401.html
ah, thanks. It's too bad that discussion isn't mirrored on
https://rt.openssl
On Tue, Nov 05, 2013 at 11:43:54PM -0500, Daniel Kahn Gillmor wrote:
> I noticed recently that OpenSSL as a client is happy to connect to a
> server that offers a trivially-crackable DH group.
>
> You can try it out at https://demo.cmrg.net/
>
> Other modern TLS implementations will refuse to con
On 11/06/2013 05:08 AM, Karthikeyan Bhargavan wrote:
On the precise number of minimum bits, please note that IIS uses a static
768-bit Diffie Hellman prime, specifically Group 1 from IKEv2 (rfc5996,
appendix B.1)/
I suspect a number of other servers may do the same; hence the numbers you see
f
We noticed the same thing and would also recommend that the openssl client
reject small DH groups.
This would complement the strong validity checks that openssl already by e.g.
checking primality and rejecting invalid public keys.
On the precise number of minimum bits, please note that IIS uses
I noticed recently that OpenSSL as a client is happy to connect to a
server that offers a trivially-crackable DH group.
You can try it out at https://demo.cmrg.net/
Other modern TLS implementations will refuse to connect to this server
because the DHE group is only 16 bits. OpenSSL happily conne