[
https://issues.apache.org/jira/browse/TS-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14192207#comment-14192207
]
Susan Hinrichs commented on TS-2417:
------------------------------------
Looks good to me.
It does always load DH group parameters for each context (either hard-coded
value or value from the DHParams file). And marks the context to pick a new DH
pair for each use. There is no opt-out. Not clear that is necessary. There
is no opt-out for enabling ECDH either.
If you really cared, I would guess that you could adjust the cipher list to
avoid the ciphers that use DH.
> Add forward secrecy support with DHE (SSL related)
> --------------------------------------------------
>
> Key: TS-2417
> URL: https://issues.apache.org/jira/browse/TS-2417
> Project: Traffic Server
> Issue Type: Improvement
> Components: HTTP, SSL
> Reporter: Bryan Call
> Assignee: John Eaglesham
> Fix For: sometime
>
> Attachments: ats_dhe-2.patch
>
>
> mod_ssl bug and changes:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49559
> Discussion on httpd-dev list:
> http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%[email protected]%3E
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
