Topic: OpenSSL compatibility layer: Setting dhparams automatically

Hi,

I'm looking for a function which sets Diffie Hellman parameters automatically (same size as RSA key size in certificate).
OpenSSL provides a macro SSL_CTX_set_dh_auto(), but I can't find an equivalent in wolfSSL.


Re: OpenSSL compatibility layer: Setting dhparams automatically

Hello Georg,

We do not have support for that specific OpenSSL API. We do handle setting the DH key size automatically during the key exchange:
src/internal.c :: GetDhPublicKey

```c
#ifdef HAVE_FFDHE
    switch (ssl->options.dhKeySz) {
    #ifdef HAVE_FFDHE_2048
        case 2048/8:
            params = wc_Dh_ffdhe2048_Get();
            group = WOLFSSL_FFDHE_2048;
            break;
    #endif
.
.
.
```

If you are interested in opening a feature request for `SSL_CTX_set_dh_auto` in wolfSSL, please send an email to support@wolfssl.com

Thanks,
Eric @wolfSSL Support

Re: OpenSSL compatibility layer: Setting dhparams automatically

Hi Eric,

Thanks for your answer! Does it mean that if I don't set dhparam, this will be handled automatically (and the dhparam size will correspond to the RSA key size of the server certificate)?

/Georg


Re: OpenSSL compatibility layer: Setting dhparams automatically

It will be handled automatically only as part of the TLS handshake key exchange. If you are building keys, the size will need to be set manually.