Posted to cvs@httpd.apache.org by yl...@apache.org on 2016/03/08 13:18:37 UTC

svn commit: r1734058 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Author: ylavic
Date: Tue Mar  8 12:18:37 2016
New Revision: 1734058

URL: http://svn.apache.org/viewvc?rev=1734058&view=rev
Log:
Document workaround with OpenSSL < 1.0.2 regarding multiple certificates
types (RSA, DSA, ECC) and default DH parameters.  PR 59087.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1734058&r1=1734057&r2=1734058&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Tue Mar  8 12:18:37 2016
@@ -854,7 +854,8 @@ to support multiple algorithms for serve
 RSA, DSA, and ECC. The number of supported algorithms depends on the
 OpenSSL version being used for mod_ssl: with version 1.0.0 or later,
 <code>openssl list-public-key-algorithms</code> will output a list
-of supported algorithms.
+of supported algorithms, see also the note below about limitations
+of OpenSSL versions prior to 1.0.2 and the ways to work around them.
 </p>
 
 <p>
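Review bot: the added text at "+of supported algorithms, see also the note below" turns the sentence into a comma splice; a semicolon or a full stop reads better, e.g. "of supported algorithms; see also the note below about limitations of OpenSSL versions prior to 1.0.2 and the ways to work around them."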
@@ -904,6 +905,33 @@ such issues.
 </p>
 </note>
 
+<note>
+<title>Default DH parameters when using multiple certificates and OpenSSL
+versions prior to 1.0.2</title>
+<p>
+When using multiple certificates to support different authentication algorithms
+(like RSA, DSA, but mainly ECC) and OpenSSL prior to 1.0.2, it is recommended
+to either use custom DH parameters (preferably) by adding them to the
+first certificate file (as described above), or to order the
+<directive>SSLCertificateFile</directive> directives such that RSA/DSA
+certificates are placed <strong>after<strong> the ECC one.
+</p>
+<p>
+This is due to a limitation in older versions of OpenSSL which don't let the
+Apache HTTP Server determine the currently selected certificate at handshake
+time (when the DH parameters must be sent to the peer) but instead always
+provide the last configured certificate. Consequently, the server may select
+default DH parameters based on the length of the wrong certificate's key (ECC
+keys are much smaller than RSA/DSA ones and their length is not relevant for
+selecting DH primes).
+</p>
+<p>
+Since custom DH parameters always take precedence over the default ones, this
+issue can't be avoided by creating and configuring them (as described above),
+thus using the custom/suitable length.
+</p>
+</note>
+
 <example><title>Example</title>
 <highlight language="config">
 SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
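Review bot: the closing tag is missing at "+certificates are placed <strong>after<strong> the ECC one." (two opening tags), which leaves the manual XML malformed; it should be "<strong>after</strong>". The last added paragraph also contradicts the first one: "Since custom DH parameters always take precedence over the default ones, this issue can't be avoided by creating and configuring them" should say the issue "can be avoided", since the opening paragraph recommends exactly that workaround (adding custom DH parameters to the first certificate file).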