You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Jan-Frode Myklebust (JIRA)" <ji...@apache.org> on 2013/11/24 23:51:35 UTC
[jira] [Created] (TS-2392) Enable elliptic curve ciphers to support
forward secrecy
Jan-Frode Myklebust created TS-2392:
---------------------------------------
Summary: Enable elliptic curve ciphers to support forward secrecy
Key: TS-2392
URL: https://issues.apache.org/jira/browse/TS-2392
Project: Traffic Server
Issue Type: Improvement
Components: Core
Reporter: Jan-Frode Myklebust
ATS does not seem to support the elliptic curve diffie hellman ephemeral key exchanges (ECDH) that are available in openssl. It seems these needs to be enabled explicitly to take advantage of them. Ref: the following commit for how this support was added to apache httpd v2.3.3:
http://mail-archives.apache.org/mod_mbox/httpd-cvs/200911.mbox/%3C20091110075514.166A6238890A@eris.apache.org%3E
and for stud:
https://github.com/bumptech/stud/pull/61/files
Maybe both a DH key exchange needs to be set up, and then the various elliptic curves needs to be initialized..?
--
This message was sent by Atlassian JIRA
(v6.1#6144)