Posted to dev@tomcat.apache.org by bu...@apache.org on 2015/03/07 20:59:38 UTC
[Bug 56108] Allow user-defined Diffie-Hellman parameters
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108
--- Comment #1 from Robert Paasche <r....@pripares.com> ---
This would not change anything.
The real solution (based on mod_ssl) would be to change the callback method to:
#include <openssl/ssl.h>
#include <openssl/evp.h>

/* SSL_temp_keys and the SSL_TMP_KEY_DH_* indices are tcnative's table of
 * pre-generated temporary key material (ssl_private.h). */
DH *SSL_callback_tmp_DH(SSL *ssl, int export, int keylen)
{
    EVP_PKEY *pkey;
    int type;
    int idx;

    /* Private key of the certificate in use on this connection (NULL if none). */
    pkey = SSL_get_privatekey(ssl);
    type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;

    /*
     * OpenSSL will call us with either keylen == 512 or keylen == 1024
     * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
     * Adjust the DH parameter length according to the size of the
     * RSA/DSA private key used for the current connection.
     */
    if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
        keylen = EVP_PKEY_bits(pkey);
    }

    /* Map the key length onto one of the pre-generated DH parameter sets;
     * any size not listed here falls back to the 1024-bit set. */
    switch (keylen) {
    case 512:
        idx = SSL_TMP_KEY_DH_512;
        break;
    case 2048:
        idx = SSL_TMP_KEY_DH_2048;
        break;
    case 4096:
        idx = SSL_TMP_KEY_DH_4096;
        break;
    case 1024:
    default:
        idx = SSL_TMP_KEY_DH_1024;
        break;
    }
    return (DH *)SSL_temp_keys[idx];
}
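As an added illustration (not code from the bug report, Tomcat or mod_ssl), the selection rule from the comment written out in its general form: pick the largest available DH group that does not exceed the certificate's RSA/DSA key size, so that a 3072-bit or 8192-bit key no longer drops to the 1024-bit set, plus an audit check that flags a DH group weaker than the certificate key. The key-type constants, the table of available DH sizes and the 1024-bit floor are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for OpenSSL's EVP_PKEY_* type constants (assumed, not OpenSSL's values). */
enum key_type { KEY_NONE, KEY_RSA, KEY_DSA, KEY_EC };

/* DH parameter sets the server has pre-generated, ascending (constructed table). */
static const int dh_sizes[] = { 1024, 2048, 3072, 4096 };
#define DH_MIN_BITS 1024 /* never select a group below this (assumption) */

/*
 * Generalisation of the mod_ssl-derived rule: OpenSSL calls the tmp-DH
 * callback with keylen 512 or 1024, which says nothing about the
 * certificate, so replace keylen with the RSA/DSA key size and then pick
 * the largest available group that does not exceed it (floor DH_MIN_BITS).
 * The fixed switch quoted in the comment sends every unlisted size,
 * e.g. a 3072-bit key, to the 1024-bit set; this version does not.
 */
int select_dh_bits(enum key_type type, int cert_bits, int keylen)
{
    size_t i, n = sizeof dh_sizes / sizeof dh_sizes[0];
    int chosen = dh_sizes[0];

    if (type == KEY_RSA || type == KEY_DSA)
        keylen = cert_bits;
    if (keylen < DH_MIN_BITS)
        keylen = DH_MIN_BITS;
    for (i = 0; i < n; i++)
        if (dh_sizes[i] <= keylen)
            chosen = dh_sizes[i];
    return chosen;
}

/* Audit helper: 1 when the DH group handed out would be smaller than the
 * certificate's own key, i.e. the ephemeral exchange is the weaker link. */
int dh_weaker_than_cert(enum key_type type, int cert_bits, int keylen)
{
    return select_dh_bits(type, cert_bits, keylen) < cert_bits;
}

int main(void)
{
    int certs[] = { 1024, 2048, 3072, 4096, 8192 };
    size_t i;
    for (i = 0; i < sizeof certs / sizeof certs[0]; i++)
        printf("RSA-%d -> DH-%d%s\n", certs[i], select_dh_bits(KEY_RSA, certs[i], 1024),
               dh_weaker_than_cert(KEY_RSA, certs[i], 1024) ? "  (DH weaker than cert)" : "");
    return 0;
}
```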