2

Currently, OpenSSL in client mode stops the handshake only if the key length of the server-selected DH parameters is less than 768 bits (hardcoded in the source).

In my client I want to stop the handshake if the key length of the server-selected DH parameters is less than 2048 bits. The preferred way would be to set it via an API, e.g. an option setting exposed by OpenSSL.

Is there any way to set the minimum key length using public APIs?

jww
user3027786
  • The issues with DH and `SSL_CTX_set_tmp_dh_callback` appear to be (1) a feature request; and (2) a documentation bug. – jww Oct 06 '15 at 13:18
  • Dr. Henson added some example code to the bug report at [Doc Bug: SSL_CTX_set_tmp_dh_callback (and friends) and client code](https://rt.openssl.org/Ticket/Display.html?id=4071). – jww Oct 06 '15 at 16:51

1 Answer

1

> Is there any way to set the minimum key length using public APIs?

Yes (or maybe I should say, "I believe so"). Use your Diffie-Hellman callback. The callback is set with `SSL_CTX_set_tmp_dh_callback` and `SSL_set_tmp_dh_callback`.

Usually the Diffie-Hellman callback is used on the server to generate its keys. But according to OpenSSL's `SSL_CTX_set_tmp_dh_callback(3)` man page, it's "... to be used when a DH parameters are required for tmp_dh_callback...".

For an example of using the callback in the context of a server (which should be similar to using it in a client), see 'No Shared Cipher' Error with EDH-RSA-DES-CBC3-SHA. It performs key length checks.

jww
  • I am already using those functions in server mode, but they are ignored by OpenSSL in client mode. It is the server that first selects the DH parameters and negotiates them with the client. – user3027786 Oct 05 '15 at 14:44
  • @user3027786 - OK, thanks. Generating the random value used as a public key at the client is clearly selecting a DH param, so there's a bug somewhere. (I don't know whether it's supposed to work and it's an implementation bug; or it's not supposed to work and it's a documentation bug). Do you want to file a bug report with OpenSSL, or do you want me to do it? – jww Oct 05 '15 at 15:09
  • @user3027786 - ACK. Also see [How to enforce DH field size in the client?](http://openssl.6102.n7.nabble.com/How-to-enforce-DH-field-size-in-the-client-td60442.html) on the OpenSSL user mailing list. Let's zero in on where the issue actually lies before submitting something. – jww Oct 05 '15 at 17:40
  • @user3027786 - a bug was filed against the docs; see [Doc Bug: SSL_CTX_set_tmp_dh_callback (and friends) and client code](https://rt.openssl.org/Ticket/Display.html?id=4071) – jww Oct 06 '15 at 13:38
  • Thanks, I am following [How to enforce DH field size in the client?](http://openssl.6102.n7.nabble.com/How-to-enforce-DH-field-size-in-the-client-td60442.html). There is a comment by @Viktor Dukhovni: This should be possible via configuration but no details how? – user3027786 Oct 08 '15 at 13:42
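
As an added example that is not part of the original thread and is not OpenSSL's code: the client-side check the question asks for, applied to the `ServerDHParams` bytes of a TLS 1.2 ServerKeyExchange, with the minimum size passed as a parameter instead of hardcoded. The function names and the sample builder are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read one opaque<1..2^16-1> vector; returns 0 on truncated or empty input. */
static int read_vec16(const uint8_t **cur, const uint8_t *end,
                      const uint8_t **out, size_t *n)
{
    if (end - *cur < 2) return 0;
    *n = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    *cur += 2;
    if (*n == 0 || (size_t)(end - *cur) < *n) return 0;
    *out = *cur;
    *cur += *n;
    return 1;
}

/* Bit length of dh_p in a ServerDHParams body (dh_p, dh_g, dh_Ys as in RFC 5246),
 * or -1 if the body is malformed. */
int server_dh_bits(const uint8_t *body, size_t len)
{
    const uint8_t *cur = body, *end = body + len, *p, *skip;
    size_t plen, skiplen;
    if (!read_vec16(&cur, end, &p, &plen) ||
        !read_vec16(&cur, end, &skip, &skiplen) ||  /* dh_g */
        !read_vec16(&cur, end, &skip, &skiplen))    /* dh_Ys */
        return -1;
    while (plen > 0 && *p == 0) { p++; plen--; }    /* zero padding adds no strength */
    if (plen == 0) return 0;
    int bits = (int)(plen - 1) * 8;
    for (uint8_t top = *p; top; top >>= 1) bits++;
    return bits;
}

/* Client policy: 1 = continue, 0 = abort the handshake (too small or malformed). */
int dh_params_acceptable(const uint8_t *body, size_t len, int min_bits)
{
    return server_dh_bits(body, len) >= min_bits;
}

/* Constructed sample, not a real group: p is p_bytes of 0xFF, g = 2, Ys = 4. */
size_t make_sample(uint8_t *out, size_t p_bytes)
{
    out[0] = (uint8_t)(p_bytes >> 8);
    out[1] = (uint8_t)p_bytes;
    memset(out + 2, 0xFF, p_bytes);
    memcpy(out + 2 + p_bytes, "\x00\x01\x02\x00\x01\x04", 6);
    return 2 + p_bytes + 6;
}
```

A 1024-bit prime passes a 768-bit floor but fails a 2048-bit one, and a prime padded with a leading zero byte is measured by its significant bits only.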