You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Jan-Frode Myklebust (JIRA)" <ji...@apache.org> on 2013/11/24 23:51:35 UTC

[jira] [Created] (TS-2392) Enable elliptic curve ciphers to support forward secrecy

Jan-Frode Myklebust created TS-2392:
---------------------------------------

             Summary: Enable elliptic curve ciphers to support forward secrecy
                 Key: TS-2392
                 URL: https://issues.apache.org/jira/browse/TS-2392
             Project: Traffic Server
          Issue Type: Improvement
          Components: Core
            Reporter: Jan-Frode Myklebust


ATS does not seem to support the elliptic curve diffie hellman ephemeral key exchanges (ECDH)  that are available in openssl. It seems these needs to be enabled explicitly to take advantage of them. Ref: the following commit for how this support was added to apache httpd v2.3.3:

http://mail-archives.apache.org/mod_mbox/httpd-cvs/200911.mbox/%3C20091110075514.166A6238890A@eris.apache.org%3E

and for stud:

https://github.com/bumptech/stud/pull/61/files

Maybe both a DH key exchange needs to be set up, and then the various elliptic curves needs to be initialized..?




--
This message was sent by Atlassian JIRA
(v6.1#6144)