A DH cipher of length 2048 bits uses a prime of 256, so even a private key
of 8192 bits should match the requirements of Java 7.

Example:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits (p: 256, g: 1, Ys: 256)

p = prime


Robert Paasche

2015-03-10 17:40 GMT+01:00 Rainer Jung <rainer.j...@kippdata.de>:

> On 10.03.2015 at 17:36, Rainer Jung wrote:
>
>  On 10.03.2015 at 17:16, Robert Paasche wrote:
>>
>>> Hi guys,
>>>
>>> as requested by Chris, some explanation of the problem.
>>>
>>> The problem is that OpenSSL calls the method "SSL_callback_tmp_DH"
>>> with a keylen value of 512 or 1024. This causes the cipher of the SSL
>>> handshake (key exchange) for an SSL connection to never be longer than
>>> 1024 bits, even if the private key is longer (2048 bits and more are
>>> very common).
>>>
>>> The changes needed to ensure that the cipher used has at least the length
>>> of the private key are posted as a comment on the ticket
>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
>>>
>>> Explained code changes:
>>>
>>> Get the private key:
>>>    pkey = SSL_get_privatekey(ssl);
>>>    type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
>>>
>>> If the encryption algorithm is either RSA or DSA, we override the given
>>> keylen parameter to match the length of the private key:
>>>    keylen = EVP_PKEY_bits(pkey);
>>>
>>> These changes ensure Perfect Forward Secrecy (PFS) for DH key exchange
>>> usage.
>>>
>>> The changes are based on lines 1339 - 1357 of the following file of
>>> mod_ssl:
>>> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?view=markup
>>>
>>>
>>> A more detailed description of this problem can be found at:
>>> http://security.stackexchange.com/a/42816
>>>
>>
>> Some more data points: the change in httpd was introduced by
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1542327
>>
>> in November. It is a backport to httpd 2.4 from trunk of the following 5
>> changes:
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1526168
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1527291
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1527294
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1527295
>>
>> http://svn.apache.org/viewvc?view=revision&revision=1527926
>> (not relevant here)
>>
>> The r1527295 change contains the following change which IMHO is the one
>> in question:
>>
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?r1=1527295&r2=1527294&pathrev=1527295
>>
>>
>> Most of the other listed changes might be interesting as well.
>>
>
> According to
>
> http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html#javadh
>
> there could be interop problems with Java 7 clients and DH params with
> primes longer than 1024 bits.
>
>
> Rainer
>
>
>
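
The keylen override described in the thread, together with a ceiling for the Java 7 interop case, as an added example that is not part of the original mail or of the tcnative/mod_ssl sources. It models the decision in plain C without OpenSSL; the enum, the function name select_dh_bits, the max_bits parameter and the list of available prime sizes are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins for the OpenSSL key types named in the thread. */
enum key_type { KEY_NONE, KEY_RSA, KEY_DSA, KEY_EC };

/* Assumed set of DH prime sizes (bits) the server ships, largest first. */
static const int dh_sizes[] = { 8192, 6144, 4096, 3072, 2048, 1024 };

/*
 * callback_keylen: value passed to the tmp DH callback (512 or 1024 per the thread)
 * type, key_bits:  type and size of the server's private key
 * max_bits:        ceiling for legacy clients, 0 = no ceiling (assumed knob)
 * Returns the DH prime size in bits that the callback should hand back.
 */
int select_dh_bits(int callback_keylen, enum key_type type, int key_bits,
                   int max_bits)
{
    size_t i, n = sizeof(dh_sizes) / sizeof(dh_sizes[0]);
    int want = callback_keylen;

    /* Override the callback's keylen only for RSA and DSA keys. */
    if ((type == KEY_RSA || type == KEY_DSA) && key_bits > 0)
        want = key_bits;

    /* Optional ceiling, e.g. 1024 when Java 7 clients must connect. */
    if (max_bits > 0 && want > max_bits)
        want = max_bits;

    /* Largest shipped prime that does not exceed the wanted size. */
    for (i = 0; i < n; i++)
        if (dh_sizes[i] <= want)
            return dh_sizes[i];

    /* Requests below the smallest shipped prime (e.g. 512) get that prime. */
    return dh_sizes[n - 1];
}

int main(void)
{
    /* Constructed inputs: 2048-bit RSA key, with and without the ceiling. */
    printf("no ceiling:   %d\n", select_dh_bits(1024, KEY_RSA, 2048, 0));
    printf("1024 ceiling: %d\n", select_dh_bits(1024, KEY_RSA, 2048, 1024));
    return 0;
}
```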
