Hi Apache developers, When using DHE cipher suites on an Apache HTTPS server, we noticed (via Wireshark) that the DHE key size (1024 bits) is smaller than our RSA signature key size (2048 bits nowadays). This seems to be the default behavior, and there are no options to correctly configure the DHE key size.
The DHE modes are supposed to provide forward secrecy. If a site chooses to use a 2048-bit public key in its cert it means that it considers a 1024-bit modulus insecure. One could make the argument that since the DH parameters are ephemeral they could be generated using a smaller security parameter, but that seems quite dangerous since it will not prevent a targeted attack on a specific session.
Thanks,
David Huang
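The mismatch described in this message can be checked directly from a captured handshake. The following is an added example, not code from the post or from Apache: it parses a TLS 1.2 DHE ServerKeyExchange (RFC 5246, section 7.4.3), reports the DH modulus length, and flags it when it is shorter than the certificate's RSA key; the sample message is constructed (the modulus is not a real prime) and the signature trailer is a dummy.

```python
# Added example (not from the mailing-list post): parse a TLS 1.2 DHE
# ServerKeyExchange and flag a DH modulus shorter than the certificate's
# RSA key, the mismatch the post observed in Wireshark.
import struct

def parse_dhe_server_key_exchange(handshake: bytes) -> dict:
    """Return {'p_bits', 'g', 'ys_bits'} from a DHE ServerKeyExchange
    handshake message (type 0x0c). The signature trailer is ignored."""
    if len(handshake) < 4 or handshake[0] != 0x0C:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    fields = []
    off = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):  # each is <2-byte length><value>
        if off + 2 > len(body):
            raise ValueError(f"missing length for {name}")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if off + n > len(body):
            raise ValueError(f"truncated {name}")
        fields.append(body[off:off + n])
        off += n
    p, g, ys = (int.from_bytes(f, "big") for f in fields)
    return {"p_bits": p.bit_length(), "g": g, "ys_bits": ys.bit_length()}

def dhe_weaker_than_cert(handshake: bytes, rsa_key_bits: int) -> bool:
    """True when the ephemeral DH modulus is shorter than the RSA key that
    signs it (the 1024-bit DHE vs 2048-bit RSA case from the post)."""
    return parse_dhe_server_key_exchange(handshake)["p_bits"] < rsa_key_bits

def build_server_key_exchange(p: bytes, g: bytes, ys: bytes, sig: bytes = b"") -> bytes:
    """Helper to construct a test message (not a real handshake capture)."""
    body = b"".join(len(x).to_bytes(2, "big") + x for x in (p, g, ys)) + sig
    return b"\x0c" + len(body).to_bytes(3, "big") + body

# Constructed sample: 1024-bit modulus (top bit set, NOT a real prime),
# generator 2, 1024-bit public value, and a dummy 2-byte "signature".
SAMPLE_1024 = build_server_key_exchange(
    b"\xff" + b"\x00" * 127, b"\x02", b"\x80" + b"\x00" * 127, b"\x00\x00")

if __name__ == "__main__":
    info = parse_dhe_server_key_exchange(SAMPLE_1024)
    print(f"DHE modulus: {info['p_bits']} bits, g={info['g']}")
    print("weaker than 2048-bit RSA cert:", dhe_weaker_than_cert(SAMPLE_1024, 2048))
```

On a live server the same number appears as the "Server Temp Key" line of `openssl s_client` (OpenSSL 1.0.2 or later), which is a quicker check than decoding the capture by hand.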
