Re: PostgreSQL - Weak DH group - Mailing list pgsql-hackers

From Oskari Saarenmaa
Subject Re: PostgreSQL - Weak DH group
Date
Msg-id 54f44984-2f09-8744-927f-140a90c379dc@ohmu.fi
In response to Re: PostgreSQL - Weak DH group  (Heikki Linnakangas <hlinnaka@iki.fi>)
List pgsql-hackers
06.10.2016, 16:52, Heikki Linnakangas wrote:
> I propose the attached patch. It gives up on trying to deal with
> multiple key lengths (as noted earlier, OpenSSL just always passed
> keylength=1024, so that was useless). Instead of using the callback, it
> just sets fixed DH parameters with SSL_CTX_set_tmp_dh(), like we do for
> the ECDH curve. The DH parameters are loaded from a file called
> "dh_params.pem" (instead of "dh1024.pem"), if present, otherwise the
> built-in 2048 bit parameters are used.

We've been using the same built-in parameters for 14 years now; they
apparently came from
https://web.archive.org/web/20011212141438/http://www.skip-vpn.org/spec/numbers.html
(the original page is no longer available) and are shared by countless
other systems.

While we're not using the most common Oakley groups which are presumed
to have been broken by various parties (https://weakdh.org), I think it'd
be worthwhile to replace the currently built-in parameters with custom
ones. And maybe even regenerate parameters for every minor release.

HAProxy made a similar change last year, see 
https://github.com/haproxy/haproxy/commit/d3a341a96fb6107d2b8e3d7a9c0afa2ff43bb0b6

/ Oskari
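
Added example, not part of the message or of the PostgreSQL patch: a check an operator could run on a `dh_params.pem` file to report the modulus size and whether the prime is on a list of known shared groups. The function names, the 2048-bit threshold, the fingerprint list and the sample parameters are assumptions constructed for illustration.

```python
import base64, hashlib, re

def _tlv(buf, pos):
    """Read one DER element at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(pem_text):
    """Parse a PKCS#3 'DH PARAMETERS' PEM block into (p, g)."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    tag, seq, _ = _tlv(base64.b64decode("".join(m.group(1).split())), 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag_p, p_raw, pos = _tlv(seq, 0)
    tag_g, g_raw, _ = _tlv(seq, pos)
    if (tag_p, tag_g) != (0x02, 0x02):
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def audit(pem_text, shared_fingerprints=frozenset(), min_bits=2048):
    """Report modulus size and whether p is on an operator-supplied shared list."""
    p, g = parse_dh_params(pem_text)
    fp = hashlib.sha256(p.to_bytes((p.bit_length() + 7) // 8, "big")).hexdigest()
    return {"bits": p.bit_length(), "generator": g, "fingerprint": fp,
            "too_short": p.bit_length() < min_bits, "shared": fp in shared_fingerprints}

def _sample_pem(p, g=2):
    """Build a constructed PEM file body so the example runs offline."""
    def der(tag, body):
        n = len(body)
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + body
    ints = b"".join(der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    b64 = base64.encodebytes(der(0x30, ints)).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

SAMPLE_P = (1 << 1023) + 1155      # constructed 1024-bit stand-in, not a vetted prime
SAMPLE_PEM = _sample_pem(SAMPLE_P)

if __name__ == "__main__":
    print(audit(SAMPLE_PEM))
```

The check covers size and reuse only; it does not test whether `p` is prime.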


