Bug 1180223
Summary: | mod_ssl uses small DHE parameters for non standard RSA keys | ||
---|---|---|---|
Product: | Red Hat Software Collections | Reporter: | Ondřej Pták <optak> |
Component: | httpd | Assignee: | Jan Kaluža <jkaluza> |
Status: | CLOSED ERRATA | QA Contact: | Ondřej Pták <optak> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | httpd24 | CC: | hkario, isenfeld, jkaluza, jorton, kanderso, mfrodl, rmainz |
Target Milestone: | rc | ||
Target Release: | 2.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | httpd24-httpd-2.4.12-1.el7 httpd24-httpd-2.4.12-1.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 1073078 | Environment: | |
Last Closed: | 2015-06-04 09:13:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1057687, 1071292, 1073078 | ||
Bug Blocks: | 1073081 |
Comment 1
Ondřej Pták
2015-01-08 16:19:39 UTC
httpd24-mod_ssl-2.4.12-6.el7, httpd24-mod_ssl-2.4.12-3.el6 ========================================================== :: [ INFO ] :: Testing 2047 bit RSA keys with 2048 DHE keys :: [ PASS ] :: Command 'openssl req -x509 -newkey rsa:2047 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt -subj /CN=localhost -nodes -batch' (Expected 0, got 0) :: [ PASS ] :: Start httpd server (Expected 0, got 0) :: [ PASS ] :: Command 'openssl s_client -CAfile /etc/pki/tls/certs/localhost.crt -cipher 'ALL:!ECDH' -connect localhost:443 < request.txt' (Expected 0, got 0) :: [ PASS ] :: File '/var/tmp/tmp.m4Fl0eo74L' should contain 'Server Temp Key: DH, 2048 bits' :: [ PASS ] :: File '/var/tmp/tmp.m4Fl0eo74L' should contain 'Server public key is 2047 bit' Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1056.html |