https://bz.apache.org/bugzilla/show_bug.cgi?id=59087
Bug ID: 59087
Summary: DH parameters with too small prime lengths used
Product: Apache httpd-2
Version: 2.4.10
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
mod_ssl is supposed to use dynamic DH parameter prime lengths. According to the
mod_ssl docs it "hands them out to clients based on the length of the
certificate's RSA/DSA key".
With a configuration with a 2560 bit RSA key, the DH parameter size is 3072
bits, which is fine.
After adding a second ECC certificate with 256 bits to the server, the
calculation of the DH parameter size for RSA connections fails. With the
additional ECC key installed, mod_ssl will use only 1024 bits for the DH
parameters for RSA connections.
For example
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 3072 bits FS
will be
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK
after adding the additional ECC certificate to the server.
Only the key size of the RSA cert should be used for the calculation of the DH
parameter size of RSA key based connections.
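The following is an added example, not mod_ssl's code and not part of the bug report. It models the sizing rule the report describes (DH prime length derived from the authenticating certificate's key length) and a check that flags weak DH sizes in scan output of the form quoted above. The threshold table is an assumption: it reproduces the two data points in the report (2560-bit RSA key gives 3072-bit DH, 256-bit ECC key gives 1024-bit DH) and is not claimed to be mod_ssl's exact table.

```python
"""Added example: DH parameter sizing per authenticating certificate, and a
weak-DH check over scan output lines like the ones quoted in the report."""
import re

# Assumption: this threshold table is the example author's model of the rule
# described in the report. It matches the two sizes the report gives
# (2560-bit RSA -> 3072-bit DH, 256-bit ECC -> 1024-bit DH).
DH_SIZE_THRESHOLDS = [  # (minimum certificate key bits, DH prime bits)
    (6145, 8192),
    (4097, 6144),
    (3073, 4096),
    (2049, 3072),
    (1025, 2048),
    (0, 1024),
]


def dh_prime_bits(cert_key_bits: int) -> int:
    """Return the DH prime length selected for a certificate key of this size."""
    if cert_key_bits < 0:
        raise ValueError("key length must be non-negative")
    for minimum, dh_bits in DH_SIZE_THRESHOLDS:
        if cert_key_bits >= minimum:
            return dh_bits
    raise AssertionError("threshold table must end with a 0 entry")


def dh_bits_for_connection(certs, auth_key_type: str) -> int:
    """Behaviour the report asks for: size the DH parameters from the
    certificate that authenticates this connection (the RSA certificate for
    DHE-RSA suites), ignoring other certificates configured on the server.

    certs is a list of (key_type, key_bits) tuples, e.g. [("RSA", 2560), ("EC", 256)].
    """
    for key_type, key_bits in certs:
        if key_type == auth_key_type:
            return dh_prime_bits(key_bits)
    raise LookupError(f"no {auth_key_type} certificate configured")


# One scan-output line: "<cipher> (<hex id>) DH <n> bits ..." as quoted in the report.
SCAN_LINE = re.compile(
    r"^(?P<cipher>\S+)\s+\((?P<id>0x[0-9a-fA-F]+)\)\s+DH\s+(?P<bits>\d+)\s+bits"
)


def weak_dh_findings(scan_output: str, minimum_bits: int = 2048):
    """Return (cipher, dh_bits) for every DHE line whose DH prime is below
    minimum_bits. Lines that do not match the expected format are ignored."""
    findings = []
    for line in scan_output.splitlines():
        match = SCAN_LINE.match(line.strip())
        if match and int(match["bits"]) < minimum_bits:
            findings.append((match["cipher"], int(match["bits"])))
    return findings


# Constructed sample input: the two lines quoted in the report, before and
# after the ECC certificate was added.
SAMPLE_SCAN = """\
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 3072 bits FS
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK
"""

if __name__ == "__main__":
    certs = [("RSA", 2560), ("EC", 256)]
    print("DH bits for DHE-RSA (intended):", dh_bits_for_connection(certs, "RSA"))
    print("DH bits if sized from the ECC key:", dh_prime_bits(256))
    print("weak DH findings:", weak_dh_findings(SAMPLE_SCAN))
```

Run against real scanner output, `weak_dh_findings` is the regression check to keep after deploying a fix: with both certificates installed, every DHE-RSA line should still report the size that `dh_bits_for_connection` gives for the RSA certificate alone.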