On 04-06-2015 23:29, Emmanuel Thomé wrote:
On Thu, Jun 04, 2015 at 05:54:51PM +0200, Willy Tarreau wrote:
I simply used "openssl dhparam <size>" as suggested, and am trusting
openssl to provide something reasonably safe since this is how every user
builds their own dhparam when they don't want to use the initial one.

I have no idea how openssl does it internally, I'm not a cryptanalyst,
just a user and I have to trust openssl not to fail on me.

openssl dhparam <size> can be assumed to do its job reasonably well. The
only problem is that with the default primes you are in effect a third
party generating the prime, and you cannot provide a certificate that the
prime you've put as default was indeed produced by this mechanism.

> A paranoid user would believe that it has been generated by
> (say) NSA, which convinced you to claim that it's random material

Yes but such paranoid users also accuse everyone of much funnier things
so I don't care much about what they believe.

Fair enough. I just point you at the relevant information; you're free to do it whichever way seems most appropriate to you. I agree that the paranoid
user would want to generate his own parameters anyway.

Because the generation takes some time, I have created a cronjob which does this every day at 2.

It's nothing special and really straightforward, but it solves the problem.

##### cat /root/regenerate_dh_files.sh

#!/bin/sh
# Generate fresh DH parameters in /tmp and move each file into place only
# after openssl has finished successfully (&&), so a half-written file never
# replaces a good one.
cd /tmp

openssl dhparam -out dh_512.pem 512 && mv dh_512.pem /etc/ssl/dh_512.pem
openssl dhparam -out dh_1024.pem 1024 && cp dh_1024.pem /etc/ssl/dh_1024.pem && mv dh_1024.pem /etc/postfix/dh_1024.pem
openssl dhparam -out dh_2048.pem 2048 && mv dh_2048.pem /etc/ssl/dh_2048.pem

Then a restart/reload and everything is in place.

BR Aleks



P.S: openssl dhparam takes a while because prime testing is slow. At
least, algorithmically speaking, this is the difficult point.
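A check a cautious operator can run on the files the script above writes, added here as an example (it is not from the thread, from OpenSSL, or from the cronjob author): parse the PEM, confirm that p is a safe prime (p = 2q + 1 with q prime, which is what openssl dhparam generates by default) and that g is not stuck in the two-element subgroup. The function names and the toy 23/5 parameters are constructed for the example; real files carry a 2048-bit or larger p.

```python
import base64, random, re

def parse_dh_params(pem: str):
    """PKCS#3 'DH PARAMETERS' PEM -> (p, g); the DER is SEQUENCE { INTEGER p, INTEGER g [, ...] }."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    def read_tlv(buf, pos):  # minimal DER tag/length/value reader -> (tag, value, next_pos)
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes that follow
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        return tag, buf[pos:pos + length], pos + length
    tag, seq, _ = read_tlv(der, 0)
    t1, p_bytes, pos = read_tlv(seq, 0)
    t2, g_bytes, _ = read_tlv(seq, pos)
    if (tag, t1, t2) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER, INTEGER }")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")
def is_probable_prime(n: int, rounds: int = 40) -> bool:  # Miller-Rabin, 40 random bases
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def check_dh_params(p: int, g: int) -> dict:  # properties 'openssl dhparam' output should have
    q = (p - 1) // 2  # openssl generates safe primes: p = 2q + 1 with q prime too
    return {
        "bits": p.bit_length(),
        "p_prime": is_probable_prime(p),
        "safe_prime": is_probable_prime(q),
        # g must lie outside {1, p-1}; every other element of a safe-prime group has order q or 2q
        "g_ok": 1 < g < p - 1 and pow(g, q, p) in (1, p - 1),
    }
def der_to_pem(der: bytes) -> str:  # the PEM armour openssl writes around the DER
    return "-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(der).decode() + "-----END DH PARAMETERS-----\n"
TOY_PEM = der_to_pem(bytes.fromhex("3006020117020105"))  # constructed toy: SEQUENCE { INTEGER 23, INTEGER 5 }
```

Feed the contents of /etc/ssl/dh_2048.pem to parse_dh_params to check a real file; "openssl dhparam -check -noout -in <file>" performs the same kind of sanity check with OpenSSL's own code.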
