On 15/09/2013 11:41, Kaspar Brand wrote: > This grew out of working on a proof of concept for > https://issues.apache.org/bugzilla/show_bug.cgi?id=49559 ("Patch to add > user-specified Diffie-Hellman parameters"). I would appreciate to get > more feedback on the changes proposed with the two attached patches... > which is the reason I'm taking the thing to the list. >
A couple of comments. For DH you can get improved server performance by using the length or subprime q. This isn't well supported in currently released versions of OpenSSL unfortunately. For OpenSSL 1.0 and earlier the dh->length parameter can be set. For 1.0.1 and later the subprime value 'q' can be used too (q is included in the structure for previous versions of OpenSSL but not used). The current master branch of OpenSSL supports use of X9.42 DH parameters from a file, that functionality will probably be back ported to (unreleased) 1.0.2. So I'd suggest using parameters where you can set both q and length. For ECDH and released versions of OpenSSL the best that can be currently done is to set the parameters in the server and hope the client supports them (via supported curves extension): if not then ECDSA/ECDH wont be negotiated at all. Use of P-256 is usually safe for this. For OpenSSL 1.0.2 you can just call: SSL_CTX_set_ecdh_auto(ctx, 1); and the most appropriate curve is used automatically. The proposed change doesn't permit finer control of EC parameters: e.g. if it is desired to use non-default curve preferences. While this can be done explicitly at the Apache level I'd suggest instead that the SSL_CONF support code is backported instead: which supports a lot more. If there's anything I can do to help with that let me know. Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 [email protected]
