Hi guys, as requested by Chris, some explanation of the problem.
The problem is that OpenSSL calls the method "SSL_callback_tmp_DH" with a keylen value of 512 or 1024. This causes the cipher used in the SSL handshake (key exchange) for an SSL connection to never be longer than 1024 bits, even if the private key is longer (2048 bits and more are very common). The changes needed to ensure that the used cipher has at least the length of the private key are posted as a comment to the ticket https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

Explained code changes:

Get the private key:

    pkey = SSL_get_privatekey(ssl);
    type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;

If the encryption algorithm is either RSA or DSA, we override the given keylen parameter to match the length of the private key:

    keylen = EVP_PKEY_bits(pkey);

These changes ensure Perfect Forward Secrecy (PFS) when DH key exchange is used.

The changes are based on lines 1339 - 1357 of the following file of mod_ssl:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?view=markup

A more detailed description of this problem can be found at:
http://security.stackexchange.com/a/42816

Best,
Robert

Robert Paasche
Senior Developer
pripares GmbH
Altheimer Eck 2
80331 München
Tel +49 (0)89 45 22 808 - 30
Fax +49 (0)89 45 22 808 - 58
Mail r.paas...@pripares.com
Web www.pripares.com

2015-03-10 16:26 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net>:
> Robert,
>
> On 3/10/15 10:59 AM, Robert Paasche wrote:
> > this may be a little offtopic, but I posted a fix for the native-library at
> > bug https://bz.apache.org/bugzilla/show_bug.cgi?id=56108.
>
> I saw that comment and proposed patch. I must admit I don't quite
> understand both the problem and the solution (yet). I'd be happy to hear
> an in-depth explanation in another thread. Care to start one and give me
> a quick education?
>
> > The fix is based on the mod_ssl implementation of the httpd project for the
> > DH-based key exchange. This ensures that the used DH-Cipher is at least the
> > size of the private-key, otherwise the Cipher has a length of only 512 or
> > 1024 bits. Is it possible to release this fix within Tomcat 7.0.60?
>
> That depends upon the status of tcnative. If we can get a release done
> for tcnative before Violetta rolls 7.0.60, then it can go in. Otherwise,
> it'll have to wait for 7.0.61. I suspect that 7.0.61 isn't going to be
> months away, so it wouldn't be terrible if tcnative had to wait.
>
> -chris
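The DH parameter size selection discussed in this thread, as an added example written for this page: it is neither the tcnative patch attached to bug 56108 nor mod_ssl's code, and it deliberately uses no OpenSSL types so it compiles and runs stand-alone. The enum `key_type`, the group table `dh_groups` and the functions `pick_dh_group_bits`, `dh_bits_before_fix` and `dh_bits_after_fix` are this example's own names and assumptions. The real callback that OpenSSL invokes has the signature `DH *cb(SSL *ssl, int is_export, int keylength)` and is registered with `SSL_CTX_set_tmp_dh_callback`; this example only models the bit-length decision inside it, with the `SSL *` replaced by the two facts the callback would read from it through `SSL_get_privatekey`, `EVP_PKEY_type` and `EVP_PKEY_bits`.

```c
/*
 * Added example, not code from tcnative or mod_ssl: the DH group size
 * selection behind the fix, written without OpenSSL dependencies.
 * The enum values and the group table are this example's own choices.
 */
#include <stdio.h>
#include <stddef.h>

/* Stand-ins for what EVP_PKEY_type() reports; the numeric values are arbitrary. */
enum key_type { KEY_NONE = 0, KEY_RSA, KEY_DSA, KEY_EC };

/*
 * DH groups available to the callback, in bits, largest first. Assumed table,
 * modelled on the MODP groups mod_ssl ships (RFC 3526 2048..8192, RFC 2409 1024).
 */
static const int dh_groups[] = { 8192, 6144, 4096, 3072, 2048, 1024 };
#define NUM_DH_GROUPS (sizeof dh_groups / sizeof dh_groups[0])

/*
 * Return the smallest group that is at least keylen bits, never below the
 * 1024-bit floor and never above the largest group in the table.
 */
int pick_dh_group_bits(int keylen)
{
    int chosen = dh_groups[0];              /* cap: largest group we have */
    for (size_t i = 0; i < NUM_DH_GROUPS; i++) {
        if (dh_groups[i] >= keylen) {
            chosen = dh_groups[i];          /* still big enough, keep shrinking */
        } else {
            break;                          /* table is descending: first smaller ends it */
        }
    }
    return chosen;
}

/*
 * Before the fix: the callback answered OpenSSL's request literally, so the
 * group had exactly keylen bits, i.e. 512 (export ciphers) or 1024.
 */
int dh_bits_before_fix(int openssl_keylen)
{
    return openssl_keylen;
}

/*
 * After the fix: the decision made inside SSL_callback_tmp_DH(ssl, is_export,
 * keylen). For RSA and DSA certificate keys, OpenSSL's keylen hint is replaced
 * by the private key's size (the EVP_PKEY_bits(pkey) override) before a group
 * is chosen; other key types keep the 512/1024 hint and so get the 1024 floor.
 */
int dh_bits_after_fix(int openssl_keylen, enum key_type type, int pkey_bits)
{
    int keylen = openssl_keylen;
    if (type == KEY_RSA || type == KEY_DSA) {
        keylen = pkey_bits;
    }
    return pick_dh_group_bits(keylen);
}

int main(void)
{
    /* Constructed sample of certificate keys a Tomcat instance might carry. */
    struct { const char *label; enum key_type type; int bits; } certs[] = {
        { "RSA 1024", KEY_RSA, 1024 },
        { "RSA 2048", KEY_RSA, 2048 },
        { "RSA 4096", KEY_RSA, 4096 },
        { "DSA 3072", KEY_DSA, 3072 },
        { "EC P-256", KEY_EC,  256  },
    };
    /* OpenSSL passes keylen = 1024 for every non-export cipher suite. */
    printf("%-10s %8s %8s\n", "cert key", "before", "after");
    for (size_t i = 0; i < sizeof certs / sizeof certs[0]; i++) {
        printf("%-10s %8d %8d\n", certs[i].label,
               dh_bits_before_fix(1024),
               dh_bits_after_fix(1024, certs[i].type, certs[i].bits));
    }
    return 0;
}
```

Two practical notes on deploying this. The result can be checked from the outside with `openssl s_client -connect host:port -cipher DHE`: an OpenSSL 1.0.2 or later client prints a "Server Temp Key: DH, N bits" line, and N should now follow the certificate key size instead of sitting at 1024. The interoperability caveat from the mod_ssl code this is modelled on still applies: Java 7 and earlier clients reject DH primes larger than 1024 bits, and mod_ssl's comment points out that appending fixed 1024-bit DH parameters to the certificate file makes OpenSSL skip the callback entirely if that compatibility is needed.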