tags 765867 + patch
thanks

I've read (and tested) the patch submitted by Matthias Hunstock. I think it
would be prudent to follow the advice in the OpenSSL documentation and enable
the option SSL_OP_SINGLE_DH_USE. (Patch attached.) This may not matter when
perdition is run from inetd, but in daemon mode the DH parameters are read
only once, by the process that listens for incoming connections, and only
used in the children after forking, so if one doesn't set SSL_OP_SINGLE_DH_USE
I'd expect *every* child to end up using the same random number, which risks
defeating forward secrecy. See the SSL_set_tmp_dh(3) man page.

The attached patch may apply with a slight offset due to other changes I've
made to the source file (to enable explicit configuration of the permitted
SSL/TLS protocol versions).

Turn on SSL_OP_SINGLE_DH_USE to prevent reuse of DH keys.

This setting is recommended by the OpenSSL developers. It may have a slight
performance impact on every connection but the additional peace of mind it
provides should be more than worth it.
--- a/perdition/ssl.c
+++ b/perdition/ssl.c
@@ -583,6 +583,7 @@
 					("Loaded Diffie-Hellman parameters: \"%s\"", dhfile);
 				}
 				DH_free(dh);
+				SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE);
 			}
 		}
 	}		  
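Review bot: the new SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE) call is placed inside the branch that is only reached once dhfile has been loaded, so DH parameters set up on any other path would not get the option; since SSL_CTX_set_options merely ORs a bit into the context's option mask and has no effect unless ephemeral DH is actually negotiated, it could be set unconditionally where ssl_ctx is created, which keeps the DH-loading block focused on loading. Placing it after DH_free(dh) is otherwise correct, because the option lives on ssl_ctx rather than on the freed DH object.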

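The forking problem described in the message, as an added simulation that is neither perdition's nor OpenSSL's code: a 64-bit random value stands in for the ephemeral DH private key, `simulate()` is a hypothetical name, and the parent draws the value once before forking one child per "connection", just as the listener reads the DH parameters once; without per-handshake regeneration every child reports the same value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for an ephemeral DH private value: 64 random bits from
 * /dev/urandom (constructed for the demo, not a real DH key). */
static uint64_t fresh_secret(void)
{
	uint64_t v = 0;
	FILE *f = fopen("/dev/urandom", "rb");
	if (!f || fread(&v, sizeof v, 1, f) != 1)
		exit(1);
	fclose(f);
	return v;
}

/* Mimics a daemon that sets up DH state once in the listening parent and
 * forks one child per connection. single_use == 0: every child keeps the
 * inherited value (the situation without SSL_OP_SINGLE_DH_USE);
 * single_use == 1: each child draws a fresh value for its own handshake.
 * Each child's value lands in out[]; returns how many distinct values the
 * n children used, or -1 on error. */
int simulate(int n, int single_use, uint64_t *out)
{
	uint64_t parent_secret = fresh_secret(); /* generated once, pre-fork */
	int fds[2], distinct = 0;
	if (pipe(fds) != 0) return -1;
	for (int i = 0; i < n; i++) {
		pid_t pid = fork();
		if (pid < 0) return -1;
		if (pid == 0) { /* child: "handle one connection", then exit */
			uint64_t k = single_use ? fresh_secret() : parent_secret;
			_exit(write(fds[1], &k, sizeof k) == (ssize_t)sizeof k ? 0 : 1);
		}
	}
	close(fds[1]);
	for (int i = 0; i < n; i++)
		if (read(fds[0], &out[i], sizeof out[i]) != (ssize_t)sizeof out[i])
			return -1;
	close(fds[0]);
	while (wait(NULL) > 0) ; /* reap children */
	for (int i = 0; i < n; i++) { /* count unique values */
		int seen = 0;
		for (int j = 0; j < i; j++) seen |= (out[j] == out[i]);
		distinct += !seen;
	}
	return distinct;
}
```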