Auto DH support.
Add auto DH parameter support. This is roughly equivalent to the ECDH auto curve selection but for DH. An application can just call

SSL_CTX_set_auto_dh(ctx, 1);

and appropriate DH parameters will be used based on the size of the server key.

Unlike ECDH there is no way a peer can indicate the range of DH parameters it supports. Some peers cannot handle DH keys larger than 1024 bits for example. In this case if you call:

SSL_CTX_set_auto_dh(ctx, 2);

only 1024 bit DH parameters will be used.

If the server key is 7680 bits or more in size then 8192 bit DH parameters will be used: these will be *very* slow.

The old export ciphersuites aren't supported but those are very insecure anyway.
- apps/s_server.c: 18 additions, 31 deletions
- ssl/s3_lib.c: 6 additions, 0 deletions
- ssl/s3_srvr.c: 15 additions, 2 deletions
- ssl/ssl.h: 7 additions, 0 deletions
- ssl/ssl_cert.c: 1 addition, 0 deletions
- ssl/ssl_lib.c: 2 additions, 2 deletions
- ssl/ssl_locl.h: 4 additions, 0 deletions
- ssl/t1_lib.c: 48 additions, 0 deletions