From f4e1169341ad1217e670387db5b0c12d680f95f4 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 9 Feb 2012 15:42:10 +0000 Subject: Modify client hello version when renegotiating to enhance interop with some servers. --- demos/certs/mkcerts.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'demos') diff --git a/demos/certs/mkcerts.sh b/demos/certs/mkcerts.sh index 0d55e8f..2cf3948 100644 --- a/demos/certs/mkcerts.sh +++ b/demos/certs/mkcerts.sh @@ -30,7 +30,10 @@ $OPENSSL x509 -req -in creq.pem -CA intca.pem -CAkey intkey.pem -days 3600 \ # First DH parameters -[ -f dhp.pem ] || $OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dhp.pem +$OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dhp.pem + +# Uncomment out this line for X9.42 DH parameters instead +$OPENSSL genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2 # Now a DH private key $OPENSSL genpkey -paramfile dhp.pem -out dhskey.pem -- cgit v1.1