Comment 17 for bug 1841936

Revision history for this message
Christian Ehrhardt  (paelzer) wrote : Re: Rebuild haproxy with openssl 1.1.1 will change features (bionic)

Hmm ... "the default DH parameters that are used during the SSL/TLS handshake when
ephemeral Diffie-Hellman (DHE) key exchange is used" so the documentation agrees that this is for the DHE.

But as mentioned so far I fail to put something in there that makes testssl to report 1024 bit.

./testssl.sh --pfs 10.253.194.137:443
...
 DH group offered: RFC5114/2048-bit DSA group with 224-bit prime order subgroup (2048 bits)