I meant "Diffie Hellman", my iPhone spell checker has a mind of its own :)

Sent from my iPhone

> On Aug 6, 2018, at 4:37 PM, Piyush K <mtc9...@gmail.com> wrote:
> 
> Hi Christopher,
> 
>     I am using my own custom OpenSSL engine that I wrote for elliptical curve 
> doggie Hellman (ECDH)
> 
>     I am setting the SSLEngine to my engine name in the Listener in the 
> tomcat configuration file (conf/server.xml)
> 
>     But it looks like the engine is not being set in the function call to 
> SSL_dh_GetParamFromFile(...), which returns the pointer to DH (in file 
> tomcat-native-1.2.16-arc/native/src/sslcontext.c). I don't believe the 
> engine is being set, as SSL_dh_GetParamFromFile(...) calls 
> PEM_read_bio_DHparams(...); however, SSL_dh_GetParamFromFile doesn't set 
> the ENGINE * parameter inside the structure for DH (aliased as dh_st). 
> Because ENGINE * is not set, the default OpenSSL implementation for ECDH 
> is getting called. 
>    Please correct me if I am wrong,
> 
> Regards,
> Piyush
> 
> Sent from my iPhone
> 
>> On Aug 4, 2018, at 8:49 AM, Christopher Schultz 
>> <ch...@christopherschultz.net> wrote:
>> 
>> 
>> Piyush,
>> 
>>> On 8/3/18 2:52 PM, Piyush K wrote:
>>> 
>>> Dear tomcat community,
>>> 
>>> I have a question - I am using tomcat and OpenSSL (with apr and
>>> tomcat-native-1.2.16). Versions are as follows :- apr-1-config
>>> 1.5.2 tomcat-native-1.2.16 OpenSSL 1.1.0 Tomcat 8.5.31
>>> 
>>> This works fine with my custom OpenSSL 1.1.0 installation. Next
>>> I wrote my own custom OpenSSL engine for ECDHE (ephemeral even),
>>> however tomcat native still seems to make calls to the default
>>> ECDHE engine that comes with OpenSSL (instead of using mine, even
>>> though I compiled, tested and installed the needed shared object
>>> in the relevant directory for OpenSSL engines shared objects). 
>>> Does the tomcat native code need to be modified to support a
>>> custom OpenSSL engine for ECDHE? If yes, can I get some help on
>>> which places and which files one needs to modify (I have looked
>>> at the file sslcontext.c but it is not very clear on how to tie
>>> your custom OpenSSL ECDHE engine with the EC keys being generated)
>> 
>> 
>> Do you have you own "engine" or are you just replacing one of the
>> cipher suites?
>> 
>> What does your Tomcat <Connector> configuration and APR <Listener>
>> look like?
>> 
>> You probably have to set the "SSLEngine" attribute to identify your
>> custom engine.
>> 
>> http://tomcat.apache.org/tomcat-8.5-doc/config/listeners.html#APR_Lifecycle_Listener_-_org.apache.catalina.core.AprLifecycleListener
>> 
>> -chris
>> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
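The Listener/Connector configuration that Chris's reply asks about, written out as an added example (it is not from the thread or from the Tomcat project's own documentation). The engine id `myecdh`, the certificate paths and the port are placeholders. The `SSLEngine` attribute on the APR lifecycle listener names the OpenSSL engine that tomcat-native initializes (see the listener documentation linked above); the connector itself only needs `SSLEnabled="true"` and the APR protocol to use that native SSL setup.

```xml
<!-- conf/server.xml: added example; engine id, paths and port are placeholders -->
<Server port="8005" shutdown="SHUTDOWN">

  <!-- Initializes tomcat-native/OpenSSL and names the engine to use.
       SSLEngine="on" (the default) initializes SSL with no specific engine,
       i.e. OpenSSL's built-in implementations. -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="myecdh"
            SSLRandomSeed="builtin" />

  <Service name="Catalina">

    <!-- APR/native connector; SSLEnabled makes it use the native SSL
         initialized by the listener above. -->
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true"
               maxThreads="150"
               scheme="https"
               secure="true">
      <!-- Restrict to ECDHE suites so every handshake exercises the EC path. -->
      <SSLHostConfig protocols="TLSv1.2"
                     ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
                     honorCipherOrder="true">
        <Certificate certificateFile="conf/server.crt"
                     certificateKeyFile="conf/server.key"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>

    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
```

Before restarting Tomcat, `openssl engine -t -c myecdh` (run against the same OpenSSL installation tomcat-native was built against) confirms that OpenSSL can load the engine from its engines directory and lists the method types it registers. Only an engine that registers an EC method can take over ECDHE key generation; an engine that loads but advertises no EC capability leaves OpenSSL's default EC implementation in use regardless of what the listener is told.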
