On Tue, Jun 06, 2000 at 03:42:58PM +0200, Arne Ansper wrote:
> I made a small modification to s3_clnt.c to support reusing the ephemeral
> Diffie-Hellman key on the client side.
>
> I have a centrally managed system with many servers and a single client
> which communicate using SSL. I use EDH ciphers to ensure PFS, and all
> servers use the same set of Diffie-Hellman parameters. The client will connect
> to all servers on startup. During the SSL handshake the server sends its DH params
> to the client and the client will generate a different key for every server. This
> is quite expensive and will hang the client for a minute or so.

Why's that? DH *parameter* generation is that slow, but only the
server has to do it. All the client does for generating its DH *key*
is an exponentiation with a random exponent. (Then another
exponentiation is done to compute the shared DH secret.)

> But since the client knows the DH parameters it can pregenerate a single DH key
> for all servers and, when the parameters sent by a server match the parameters of
> the pregenerated key, use it.

This is safe only when the client can be sure that the DH parameters
fulfil certain conditions (safe primes are OK). In general, this
approach could lead to certain small-exponent attacks (Lim/Lee).
On the other hand, if you assume that the client can be sure about
certain properties about the DH parameters, then you could speed
up the handshake even more by using short exponents (either with
one-time client DH keys, or as in your patch with predefined
keys). All this depends very much on the application, so the
most appropriate solution if anyone really thinks this is needed
would be some callback.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
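Added example (not code from the thread, and not OpenSSL's own code): a Python sketch of the point made in the reply above, that a client may reuse its DH exponent only against servers whose parameters it has checked. Toy-sized parameters, a fixed (non-random) client exponent and a sha256 stand-in for the TLS key derivation and Finished MAC are assumptions made for the demonstration, as are all function and class names. `ClientDH.public_key` is the guarded form of the reuse (one modular exponentiation per distinct (p, g), and only after a safe-prime check), while `lim_lee_recover` goes beyond the mail and shows what a malicious server gets from the unguarded form: a public value of small prime order r makes the client's secret depend only on x mod r, and a few such handshakes recover x mod 15015 by CRT even though the public value itself passes the usual 1 < y < p-1 test.

```python
import hashlib

_BASES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]   # Miller-Rabin bases, deterministic below 3.3e24


def is_probable_prime(n):
    """Miller-Rabin with fixed bases (assumption: sizes here are far below the deterministic bound)."""
    if n < 2 or any(n % b == 0 for b in _BASES):
        return n in _BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """p = 2q + 1 with p and q both prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def params_ok(p, g):
    """Client-side condition before an exponent may be reused: safe prime, sane generator."""
    return is_safe_prime(p) and 1 < g < p - 1


def peer_public_ok(p, y):
    """Rejects the only order-1 and order-2 elements; sufficient with a safe prime, useless without one."""
    return 1 < y < p - 1


def kdf(p, secret):
    """Stand-in (assumption) for TLS key derivation plus the Finished MAC computed from the DH secret."""
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


class ClientDH:
    """Client holding one exponent that it reuses per (p, g), as the patch proposes."""
    def __init__(self, secret_exponent):
        self.x = secret_exponent          # fixed, not random, so the attack below is reproducible
        self.cache = {}

    def public_key(self, p, g):
        """Guarded reuse: one modexp per distinct (p, g), and only for checked parameters."""
        if not params_ok(p, g):
            raise ValueError("refusing to reuse the exponent with unchecked parameters")
        return self.cache.setdefault((p, g), pow(g, self.x, p))

    def finished_tag(self, p, y_server):
        """Shared-secret modexp and Finished MAC; models the unguarded patch, which
        uses the cached exponent with whatever p the server sent."""
        if not peer_public_ok(p, y_server):
            raise ValueError("bad peer public value")
        return kdf(p, pow(y_server, self.x, p))


def weak_prime(small_factors):
    """Smallest prime p with every listed factor dividing p-1; never a safe prime."""
    m = 1
    for r in small_factors:
        m *= r
    k = 1
    while not is_probable_prime(m * k + 1):
        k += 1
    return m * k + 1


def element_of_order(p, r):
    """An element of prime order r in Z_p^*; requires r | p-1."""
    for h in range(2, p):
        y = pow(h, (p - 1) // r, p)
        if y != 1:
            return y
    raise ValueError("no element of that order")


def crt(residues):
    """Combine (a_i, r_i) pairs with pairwise coprime r_i into (x mod M, M)."""
    x, m = 0, 1
    for a, r in residues:
        x += m * (((a - x) * pow(m, -1, r)) % r)
        m *= r
    return x % m, m


def lim_lee_recover(victim, p, small_factors):
    """Malicious server: send a public value of small prime order r, brute-force
    x mod r from the client's Finished MAC, then combine the residues.  Only
    works because the victim keeps the same x across handshakes."""
    residues = []
    for r in small_factors:
        y = element_of_order(p, r)
        tag = victim.finished_tag(p, y)   # passes peer_public_ok, yet depends only on x mod r
        for cand in range(r):
            if kdf(p, pow(y, cand, p)) == tag:
                residues.append((cand, r))
                break
    return crt(residues)
```

With 1019 = 2*509 + 1 as the safe prime, `ClientDH(x).public_key(1019, 2)` costs one exponentiation on first use and a dictionary lookup afterwards, which is the saving the patch is after. Against `weak_prime([3, 5, 7, 11, 13])`, `params_ok` refuses, and `lim_lee_recover` shows why: five handshakes with order-3, -5, -7, -11 and -13 public values hand the server x mod 15015. With real-sized parameters the attacker chooses far larger small factors, so a reused exponent is only acceptable when the client can verify p is a safe prime (or otherwise knows the subgroup structure).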