hello,

if it happens, the two peers will not derive the same key, what will make further encrypted messages undecipherable by peer

but the correct protocol includes parameters exchange (generator and modulus), and those are also included in the EVP_PKEY objects
In particular, you must transmit parameters each time you use ephemeral DH, or those can be public anyway for example trough a certificate.


I did not find such sanity checks in key derivation functions, so I guess you have to be careful

Best regards
Nicolas

----- Mail original -----
De: "Francis GASCHET" <fg-KCajlHxIPtVQFI55V6+***@public.gmane.org>
À: openssl-users-MCmKBN63+***@public.gmane.org
Envoyé: Lundi 22 Septembre 2014 14:30:00
Objet: TLS : DH groups

Hello,

When we create DH parameters we have to specify the group (2 or 5).
What does happen if both sides of the connection don't use the same group ?

Best regards,
--
Francis

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org

"g=2" is not "the group", it is a generator of a large cyclic group
modulo some large prime "p". "The group" consists of the pair (p,
g), or sometimes the triple (p, g, q) where "q" is the order (size)
of of the cyclic group.
In TLS, the server designates the group, and the client must use
that.