Default key length of DH/DHE/ECDH/ECDHE

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Default key length of DH/DHE/ECDH/ECDHE

SaAtomic
I'm not sure if this question is more suitable for the OpenVPN or the OpenSSl users list.

OpenSSL as the ssl/tls library for OpenVPN offers DH with and without ephemeral keys as well as with or without elliptic curves.

With OpenVPN 2.4.0 and OpenSSL 1.0.2l only ECDHE and DHE are available, but I do not have the option to define a key length,
so I assume OpenSSL's default key length will be used.

What is the default key length of OpenSSL for DH, DHE, ECDH and ECDHE?

Thank you and regards,
SaAtomic
 

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Default key length of DH/DHE/ECDH/ECDHE

OpenSSL - User mailing list

For the elliptic curve choices, the curve picked (NIST256, NIST384, whatever) determines the keysize.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Default key length of DH/DHE/ECDH/ECDHE

Jakob Bohm-7
In reply to this post by SaAtomic
On 24/07/2017 13:35, SaAtomic wrote:

> I'm not sure if this question is more suitable for the OpenVPN or the
> OpenSSl users list.
>
> OpenSSL as the ssl/tls library for OpenVPN offers DH with and without
> ephemeral keys as well as with or without elliptic curves.
>
> With OpenVPN 2.4.0 and OpenSSL 1.0.2l only ECDHE and DHE are
> available, but I do not have the option to define a key length,
> so I assume OpenSSL's default key length will be used.
>
> What is the default key length of OpenSSL for DH, DHE, ECDH and ECDHE?
>
For DHE, the key size is set by the group parameters, for
which there is no default other than what the application
(in this case OpenVPN) sets.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users