On Wed, May 20, 2015, at 17:48, Xin Li wrote: ]> > Well, currently OpenSSL do accept weak DH so _arguably_ it does affect > FreeBSD, and it's likely to break existing applications if we enforce > such restrictions (namely, Java 6). > AFAIK, Java doesn't support >1024 DH key until Java 8.