TLDR: I don't think the DH work done in 2.7e to support DH bits>1024 will ever choose the 2048bit key.
See below. On 12/10/14, 7:13 AM, Adam Tkac wrote: > On 12/09/2014 09:14 PM, Joe Gooch wrote: >> Also, given the DH implementation in pound official 2.7e (Looks like >> 2048 bit was added)... Could someone please test this against ssllabs? >> I implemented my DH patch the way I did because it seemed like no matter >> what I threw at pound, the dh_tmp_callback never returns a bits value >>> 1024. That's why I skipped the callback entirely when I implemented it >> in pcidss/v2.6 and the stage_for_upstream branches. SSL labs was still >> showing 1024bit, even when I made 2048bit keys available. > You are right, 2048 DH is never used because openssl calls > DH_tmp_callback() only with keylength 512 or 1024... > > Regards, Adam > Thank you for corroborating :) This seems to be related too: https://groups.google.com/forum/#!topic/mailing.openssl.users/UmdbGRFsFmY That's why when I implemented DHParams (in my branch) if you supply a custom PEM, it just always supplies that DH key instead of the one compiled into pound. It means it can't choose between export and non-export anymore... It could be implemented instead to replace the export DH or the non-export DH. I just didn't go in that direction. Ideally the openssl library would supply the key length of the cipher and choose intelligently... For instance, when I set my DH keys to 2048bit, I lose Java 6 compatibility. (Because Java 6 doesn't support DH > 1024) Ultimately that's not a big deal... Anyone using Java 6 *should* be able to upload to Java 7. But if the callback provided more information, it's possible it could maybe choose more intelligently. I'm not about to add user agent specific DH behavior, that seems even more kludge-y. So my solution was to just create the option and allow each user to choose on their own. Joe -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
