[
https://issues.apache.org/jira/browse/TS-3711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14603318#comment-14603318
]
ASF subversion and git services commented on TS-3711:
-----------------------------------------------------
Commit f79a1e786c6dd685e9b4b9320491ba12d8ebfd44 in trafficserver's branch
refs/heads/6.0.x from shinrich
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=f79a1e7 ]
TS-3711: Allow DHE ciphers in ciphersuite list to be negotiable.
(cherry picked from commit c58461c1c3908caada4507109e917c10d0fd1e6b)
> Allow DHE ciphers in the ciphersuite list to be negotiable
> ----------------------------------------------------------
>
> Key: TS-3711
> URL: https://issues.apache.org/jira/browse/TS-3711
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Susan Hinrichs
> Assignee: Susan Hinrichs
> Fix For: 6.0.1
>
>
> As it stands, adding a DHE- cipher to the cipher suite list is not sufficient
> to allow a DHE protocol to be negotiated. One must also add a dhparams file.
>
> We should re-introduce the logic to automatically create DHParams if none is
> specified. We currently have logic in the that could create a fixed 2048 bit
> DHParams, but it is not currently enabled. The disabling was tracked in
> TS-3437.
> Now that we are at a major release, we should reactivate this logic, since it
> seems odd and not user-friendly to have a two step process for activating
> DHE- ciphers (unlike any other cipher family).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
