Am 04-06-2015 23:29, schrieb Emmanuel Thomé:
On Thu, Jun 04, 2015 at 05:54:51PM +0200, Willy Tarreau wrote:
I simply used "openssl dhparam <size>" as suggested, and am trusting
openssl to provide something reasonably safe since this is how every
builds their own dhparam when they don't want to use the initial one.
I have no idea how openssl does it internally, I'm not a cryptanalyst,
just a user and I have to trust openssl not to fail on me.
openssl dhparam <size> can be assumed to do its job reasonably well.
only problem is that with the default primes you are in effect a third
party generating the prime, and you cannot provide a certificate that
prime you've put as default was indeed produced by this mechanism.
> A paranoid user would believe that it has been generated by
> (say) NSA, which convinced you to claim that it's random material
Yes but such paranoid users also accuse everyone of much funnier
so I don't care much about what they believe.
Fair enough. I just point you at the relevant information, you're free
do whichever way seems most appropriate to you. I agree that the
user would want to generate his own parameters anyway.
Due to the fact that the generation take some time I have created a
cronjob which do this every day at 2.
It's nothing special and really straight forward but solve the problem.
##### cat /root/regenerate_dh_files.sh
openssl dhparam -out dh_512.pem 512 && mv dh_512.pem /etc/ssl/dh_512.pem
openssl dhparam -out dh_1024.pem 1024 && cp dh_1024.pem
/etc/ssl/dh_1024.pem && mv dh_1024.pem /etc/postfix/dh_1024.pem
openssl dhparam -out dh_2048.pem 2048 && mv dh_2048.pem
Then a restart/reload and everything is in place.
P.S: openssl dhparams takes a while because prime testing is slow. At
least, algorithmically speaking, this is the difficult point.