https://issues.apache.org/bugzilla/show_bug.cgi?id=56108
Bug ID: 56108
Summary: Allow user-defined Diffie-Hellman parameters
Product: Tomcat Native
Version: 1.1.29
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: m...@normi.net

Currently, the SSL_CTX_set_tmp_dh_callback() function is used to define a callback to retrieve DH parameters for SSL connections. Unfortunately, as a side-effect of the OpenSSL implementation, this means that only 1024 bit DH keys are used [1].

It's probably better to provide the user with an option to explicitly set the DH parameters (generated using openssl dhparam), which makes it possible to use DH parameters over 1024 bits. SSL_CTX_set_tmp_dh() can be used for this.

[1] https://groups.google.com/forum/#!topic/mailing.openssl.users/UmdbGRFsFmY