On 14 Jul 2015, at 19:39 , Howard Chu hyc@symas.com wrote:
Jens Vagelpohl wrote:
I am now testing the actual DH parameter size used during a TLS connection with instructions from https://bettercrypto.org/blog/2015/05/20/tls-logjam/ and it only shows DH parameter size 1024:
<snip>
$ echo | openssl s_client -connect alias01.alias.ooo:636 -cipher "EDH" 2>/dev/null
… much output …
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
</snip>
I was expecting "Server Temp Key: DH, 2048 bits". Am I just testing this the wrong way, or is there an issue with DH parameter configurations in OpenLDAP?
What is your cert's public key size?
Hi Howard,
It’s 4096 bits:
<snip>
$ openssl x509 -in /etc/pki/tls/certs/NNN.crt -noout -text
… much output …
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
        Public-Key: (4096 bit)
        Modulus:
</snip>
jens
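The check Jens runs by eye above (reading the "Server Temp Key" line out of `openssl s_client` output) can be scripted so that a weak finite-field DH group is flagged automatically. This is an added example, not code from the thread or from OpenLDAP; the sample output is constructed to match the thread's capture, and the 2048-bit threshold is an assumed policy.

```python
"""Judge ephemeral key-exchange strength from `openssl s_client` output."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the s_client output quoted in the thread.
# In practice, pipe real output in: echo | openssl s_client -connect host:636 -cipher EDH
SAMPLE_OUTPUT = """\
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 3117 bytes and written 415 bytes
"""

MIN_DH_BITS = 2048    # assumed policy: finite-field DH below this is Logjam-class weak
MIN_ECDH_BITS = 256   # assumed policy: e.g. P-256; X25519 reports 253 bits and is exempt

# Matches the three shapes OpenSSL prints:
#   "Server Temp Key: DH, 1024 bits"
#   "Server Temp Key: ECDH, P-256, 256 bits"
#   "Server Temp Key: X25519, 253 bits"
TEMP_KEY_RE = re.compile(
    r"^Server Temp Key:\s*([\w-]+),\s*(?:([\w-]+),\s*)?(\d+)\s*bits", re.MULTILINE)


@dataclass
class TempKey:
    kind: str              # DH, ECDH, X25519, X448
    bits: int
    detail: Optional[str]  # curve name for ECDH, else None


def parse_temp_key(output: str) -> Optional[TempKey]:
    """Return the negotiated ephemeral key, or None if no such line is present."""
    m = TEMP_KEY_RE.search(output)
    if m is None:
        return None
    kind, detail, bits = m.groups()
    return TempKey(kind, int(bits), detail)


def evaluate(key: Optional[TempKey]) -> str:
    """Map a parsed ephemeral key to a short verdict string."""
    if key is None:
        return "no ephemeral key: static key exchange, no forward secrecy"
    if key.kind == "DH" and key.bits < MIN_DH_BITS:
        return f"weak: DH {key.bits} bits < {MIN_DH_BITS}"
    if key.kind == "ECDH" and key.bits < MIN_ECDH_BITS:
        return f"weak: ECDH {key.detail} {key.bits} bits < {MIN_ECDH_BITS}"
    return "ok"
```

Against the thread's own output this reports the 1024-bit group as weak, which is exactly what Jens was hoping not to see.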