@adriansev - I'm not suggesting it's a solution, just want to test the theory that this is where the problem is. It would be very useful to understand it's indeed in the DH settings and not elsewhere in the code.

(Memory is very hazy of my last read of this code but I believe the DH key itself is later on truncated so there's only 512 bits of security even if the buffers fed to OpenSSL are 2048 bit.... i.e., there's no effective security here unless you're using xroots. So the setting of the DH size can be made to "whatever makes OpenSSL happy")


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/issues/2014/1570922760@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/2014#issuecomment-1570922760", "url": "https://github.com/xrootd/xrootd/issues/2014#issuecomment-1570922760", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1