Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/02/04 23:59:34 UTC
[Bug 56108] New: Allow user-defined Diffie-Hellman parameters
https://issues.apache.org/bugzilla/show_bug.cgi?id=56108
Bug ID: 56108
Summary: Allow user-defined Diffie-Hellman parameters
Product: Tomcat Native
Version: 1.1.29
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: mike@normi.net
Currently, the SSL_CTX_set_tmp_dh_callback() function is used to define a
callback to retrieve DH parameters for SSL connections. Unfortunately, as a
side-effect of the OpenSSL implementation, this means that only 1024-bit DH
keys are used [1].
It's probably better to provide the user with an option to explicitly set the
DH parameters (generated using openssl dhparam), which makes it possible to use
DH parameters over 1024 bits. SSL_CTX_set_tmp_dh() can be used for this.
[1] https://groups.google.com/forum/#!topic/mailing.openssl.users/UmdbGRFsFmY