06.10.2016, 16:52, Heikki Linnakangas kirjoitti:
I propose the attached patch. It gives up on trying to deal with
multiple key lengths (as noted earlier, OpenSSL just always passed
keylength=1024, so that was useless). Instead of using the callback, it
just sets fixed DH parameters with SSL_CTX_set_tmp_dh(), like we do for
the ECDH curve. The DH parameters are loaded from a file called
"dh_params.pem" (instead of "dh1024.pem"), if present, otherwise the
built-in 2048 bit parameters are used.

We've been using the same built-in parameters for 14 years now, they apparently came from https://web.archive.org/web/20011212141438/http://www.skip-vpn.org/spec/numbers.html (the original page is no longer available) and are shared by countless other systems.

While we're not using the most common Oakley groups which are presumed to have been broken by various parties (https://weakdh.org) I think it'd be worthwhile to replace the currently built-in parameters with custom ones. And maybe even regenerate parameters for every minor release.

HAProxy made a similar change last year, see https://github.com/haproxy/haproxy/commit/d3a341a96fb6107d2b8e3d7a9c0afa2ff43bb0b6

/ Oskari

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to