DH_GRP_MIN is currently 1024, should it be bumped to 2048?

Mark D. Baushke mdb at juniper.net
Sat Jul 25 09:25:38 AEST 2015


Greetings,

Given the weakness with Diffie-Hellman modp groups less than 2048, is it
time to bump the suggested 1024 bit minimum value from RFC 4419 to a
more current 2048 value for OpenSSH 7.0?

If so, should this be just a compile-time change, or should there be a
new client and server runtime option?

	Thanks,
	-- Mark


More information about the openssh-unix-dev mailing list