Comment 17 for bug 1841936
Revision history for this message
| Christian Ehrhardt (paelzer) wrote Re: Rebuild haproxy with openssl 1.1.1 will change features (bionic) | #17 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Hmm ... "the default DH parameters that are used during the SSL/TLS handshake when
ephemeral Diffie-Hellman (DHE) key exchange is used" so the documentation agrees that this is for the DHE.
But as mentioned so far I fail to put something in there that makes testssl to report 1024 bit.
./testssl.sh --pfs 10.253.194.137:443
...
DH group offered: RFC5114/2048-bit DSA group with 224-bit prime order subgroup (2048 bits)