diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-01-22 16:22:48 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-03-28 14:49:04 +0000 |
| commit | 09599b52d4e295c380512ba39958a11994d63401 (patch) | |
| tree | a2bbccfe21abc225b7010c37638d5e0416778e3d /apps/ciphers.c | |
| parent | 2514fa79acba998c2a8d4e5a8288a5b3ae990377 (diff) | |
Auto DH support.
Add auto DH parameter support. This is roughly equivalent to the
ECDH auto curve selection but for DH. An application can just call
SSL_CTX_set_auto_dh(ctx, 1);
and appropriate DH parameters will be used based on the size of the
server key.
Unlike ECDH there is no way a peer can indicate the range of DH parameters
it supports. Some peers cannot handle DH keys larger that 1024 bits for
example. In this case if you call:
SSL_CTX_set_auto_dh(ctx, 2);
Only 1024 bit DH parameters will be used.
If the server key is 7680 bits or more in size then 8192 bit DH parameters
will be used: these will be *very* slow.
The old export ciphersuites aren't supported but those are very
insecure anyway.
Diffstat (limited to 'apps/ciphers.c')
0 files changed, 0 insertions, 0 deletions