On 19.05.2014 06:51, Willy Tarreau wrote:
Hi Rémi,

On Mon, May 12, 2014 at 06:34:01PM +0200, Remi Gacogne wrote:
Hi,

On 05/05/2014 12:06 PM, Sander Klein wrote:

> I've added a 2048-bit dhparam to my most used certificates and I don't
> see a big jump in resource usage.
>
> This was not a big scientific test, I just added the DH params in my
> production and looked if the haproxy process started eating more CPU. As
> far as I can tell CPU usage went up just a couple percent. Not a very
> big deal.
>
> So, to me using 2048-bit doesn't seem like a problem. And..... I can
> always switch to nbproc > 1 ;-)

Thank you Sander for taking the time to do this test! I am still not
sure it is a good idea to move to a default of 2048 bits though.

Here is a new version of the previous patch that should not require
OpenSSL 0.9.8a to build, but instead includes the needed primes from
rfc2409 and rfc3526 if OpenSSL does not provide them. I have to admit I
don't have access to a host with an old enough OpenSSL to test it
correctly. It still defaults to using 1024-bit DHE parameters in order
not to break anything.

Willy, do you have any thoughts about this patch or any other way to
simplify the use of stronger DHE parameters in haproxy 1.5? I know it
can already be done by generating static DH parameters, but I am afraid
most administrators may find it too complicated and therefore not dare
to test it.

I'd have applied a very simple change to your patch: I'd have initialized global.tune.ssl_max_dh_param to zero by default, and emitted a warning here:

+               if (global.tune.ssl_max_dh_param <= 1024) {
+ /* we are limited to DH parameter of 1024 bits anyway */
+                       Warning("Setting global.tune.ssl_max_dh_param
to 1024 by default, if your workload permits it you should set it to
at least 2048. Please set a value >= 1024 to make this warning
disappear.");
+                       global.tune.ssl_max_dh_param = 1024;
+                       dh = ssl_get_dh_1024();
+                       if (dh == NULL)
+                               goto end;
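Review bot: the condition and the warning text disagree: `if (global.tune.ssl_max_dh_param <= 1024)` also fires when an administrator explicitly configures 1024, yet the message promises that "a value >= 1024" makes the warning disappear, and the stated intent is that only people left on the untouched default (zero) should see it. Either test for the zero default (`== 0`) and keep the message, or change the text to "> 1024". A configured value between 1 and 1023 is also silently raised to 1024 by the assignment `global.tune.ssl_max_dh_param = 1024;` without any mention in the warning; say so or reject such values. Minor: the comment `/* we are limited to DH parameter of 1024 bits anyway */` is flush-left while its neighbours are indented.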

What do you think ? That way it seems like only people really using the default
value will get the warning.

What happens if you also have DH appended to your certificates? If you set global.tune.ssl_max_dh_param to 1024 but have a 4096-bit DH in your certificate file, which one is used then? An answer could be 'Don't do that' :-) but I was curious.

Greets,

Sander
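Added example (not part of this thread and not haproxy code): the "static DH parameters" route Rémi refers to is `openssl dhparam -out dhparam.pem 2048` followed by appending dhparam.pem to the certificate file, which leaves a "-----BEGIN DH PARAMETERS-----" block in the bundle. Sander's question of which size wins is not settled on this page, so the script below does not decide it; it only reports what each source offers: the size of any custom DH block in a PEM bundle and the configured global default, flagging either that is below 2048 bits. It assumes the PKCS#3 layout that `openssl dhparam` writes (DER SEQUENCE { INTEGER p, INTEGER g }); the sample bundle and the moduli in it are constructed placeholders of the right bit length, not real DH groups, and must never be used as such.

```python
"""Report the size of the Diffie-Hellman parameters found in a PEM bundle.

Added example, not from the haproxy thread or project. Assumes custom DH
parameters sit in the certificate file as a "DH PARAMETERS" PEM block whose
DER is PKCS#3 DHParameter: SEQUENCE { p INTEGER, g INTEGER }.
"""
import base64
import re


def _der_len(n):
    """DER length encoding, short form below 128 and long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(value):
    """DER INTEGER for a non-negative value; prepend 0x00 if the top bit is set."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params(p, g=2):
    """PKCS#3 DHParameter DER: SEQUENCE { p INTEGER, g INTEGER }."""
    inner = _der_int(p) + _der_int(g)
    return b"\x30" + _der_len(len(inner)) + inner


def to_pem(label, der):
    """Wrap DER bytes in a PEM block with 64-character base64 lines."""
    b64 = base64.encodebytes(der).decode().replace("\n", "")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


_PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def pem_blocks(text):
    """Yield (label, der_bytes) for every PEM block in the bundle, in file order."""
    for m in _PEM_RE.finditer(text):
        yield m.group(1), base64.b64decode("".join(m.group(2).split()))


def _read_tlv(buf, pos):
    """Parse one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def dh_prime_bits(der):
    """Bit length of p in a DER-encoded DHParameter (the size haproxy/OpenSSL report)."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("DH PARAMETERS block is not a SEQUENCE")
    tag, p_bytes, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("first element of DHParameter is not an INTEGER")
    return int.from_bytes(p_bytes, "big").bit_length()


def dh_size_in_bundle(pem_text):
    """Bit length of the first DH PARAMETERS block in the bundle, or None if there is none."""
    for label, der in pem_blocks(pem_text):
        if label == "DH PARAMETERS":
            return dh_prime_bits(der)
    return None


def audit_bundle(pem_text, default_bits, min_bits=2048):
    """Report the custom DH size (if any) and the global default, flagging each below min_bits.

    Deliberately does not say which of the two haproxy would pick; that is the
    open question in the thread. It only tells you what each source provides.
    """
    custom = dh_size_in_bundle(pem_text)
    return {
        "custom_bits": custom,
        "default_bits": default_bits,
        "custom_weak": custom is not None and custom < min_bits,
        "default_weak": default_bits < min_bits,
    }


# Constructed sample data. The moduli are placeholders with the right bit length
# only; they are NOT primes and must never be used as real DH groups. The
# CERTIFICATE block is a one-byte stand-in so the bundle looks like a real file.
SAMPLE_P_1024 = (1 << 1023) | 1
SAMPLE_P_2048 = (1 << 2047) | 1
_FAKE_CERT = "-----BEGIN CERTIFICATE-----\nMA==\n-----END CERTIFICATE-----\n"
BUNDLE_WITH_DH = _FAKE_CERT + to_pem("DH PARAMETERS", encode_dh_params(SAMPLE_P_2048))
BUNDLE_WITHOUT_DH = _FAKE_CERT

if __name__ == "__main__":
    for name, bundle in (("with custom DH", BUNDLE_WITH_DH), ("without custom DH", BUNDLE_WITHOUT_DH)):
        r = audit_bundle(bundle, default_bits=1024)
        print("%s: custom=%s (weak=%s), global default=%d (weak=%s)" % (
            name, r["custom_bits"], r["custom_weak"], r["default_bits"], r["default_weak"]))
```

To audit a real deployment, read each certificate file named in the haproxy `bind ... crt` lines and pass its contents to `audit_bundle` together with the configured default; a bundle with no DH block leaves only the global default in play, so that is the value the thread's proposed warning is really about.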
