Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/02/04 23:59:34 UTC

[Bug 56108] New: Allow user-defined Diffie-Hellman parameters

https://issues.apache.org/bugzilla/show_bug.cgi?id=56108

            Bug ID: 56108
           Summary: Allow user-defined Diffie-Hellman parameters
           Product: Tomcat Native
           Version: 1.1.29
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Library
          Assignee: dev@tomcat.apache.org
          Reporter: mike@normi.net

Currently, the SSL_CTX_set_tmp_dh_callback() function is used to define a
callback to retrieve DH parameters for SSL connections. Unfortunately, as a
side-effect of the OpenSSL implementation, this means that only 1024 bit DH
keys are used [1].

It's probably better to provide the user with an option to explicitly set the
DH parameters (generated using openssl dhparam), which makes it possible to use
DH parameters over 1024 bits. SSL_CTX_set_tmp_dh() can be used for this.

[1] https://groups.google.com/forum/#!topic/mailing.openssl.users/UmdbGRFsFmY
