Bug 2007178
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | httpd ignoring dhparams after update to 2.4.49-1 | | |
| Product: | [Fedora] Fedora | Reporter: | chotaire+fedora |
| Component: | httpd | Assignee: | Luboš Uhliarik <luhliari> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 34 | CC: | anon.amish, jkaluza, jorton, luhliari, mturk, pahan, petr.hruska, redhat-bugzilla |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | httpd-2.4.51-2.fc36 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-01-04 08:05:01 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
chotaire+fedora
2021-09-23 10:18:00 UTC
Apologies, of course the following packages are affected:

    Upgrade httpd-2.4.49-1.fc34.x86_64 @updates
    Upgrade httpd-devel-2.4.49-1.fc34.x86_64 @updates
    Upgrade httpd-filesystem-2.4.49-1.fc34.noarch @updates
    Upgrade httpd-tools-2.4.49-1.fc34.x86_64 @updates

Hm, interesting, thanks for the report. In 2.4.48 mod_ssl had a callback which provided fallback DH parameters (from OpenSSL) and we switched to the OpenSSL-internal implementation in a patch to 2.4.49. I did not expect this to have affected user-supplied parameters. Note that the *parameters* are not the same as keys, which are generated during the negotiation. OpenSSL encourages use of the built-in parameters over supplying your own, as documented here: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_dh_auto.html

Thanks for the reply. Qualys SSL Labs thinks otherwise and will degrade websites with DH keys lower than 4096 bits, from a key exchange score of 100 to 90. This is how I found the actual issue.

In both the new and old code the key length used in the temporary DH key is derived from the private key for the SSL vhost, although the algorithm used in OpenSSL is slightly different to the algorithm implemented in mod_ssl. If you use a 4096-bit key you'll get a 4096-bit DH key. We can probably revert to the old behaviour until OpenSSL 3.0, and I think could even then disable use of the OpenSSL parameter selection if a key is present in SSLCertificateFile.

Hm, from what I remember I had to supply "SSLOpenSSLConfCmd DHParameters" with a 4096 bits DH key, even if a 4096 bits SSL certificate was already in use, to achieve the desired result. Otherwise I would never have used this configuration option in the first place. This is something we can test. Not that I have any say on this, but I guess a revert would be a good solution.
(In reply to chotaire+fedora from comment #5)
> Hm, from what I remember I had to supply "SSLOpenSSLConfCmd DHParameters"
> with a 4096 bits DH key, even if a 4096 bits SSL certificate was already in
> use, to achieve the desired result. Otherwise I would never have used this
> configuration option in the first place.

This is something we can test. If that doesn't work definitely let me know since it should be a bug.

Package: httpd-2.4.51-2.fc36
Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=1844591

I have tested in my environment the httpd-2.4.51-2 modification and can see that DH parameters provided in the first certificate are now taken into use. But DH parameters provided via the "SSLOpenSSLConfCmd DHParameters" config option are still ignored. Is that expected?

(In reply to Petr Hruska from comment #8)
> I have tested in my environment the httpd-2.4.51-2 modification and can see that
> DH parameters provided in the first certificate are now taken into use. But DH
> parameters provided via the "SSLOpenSSLConfCmd DHParameters" config option are
> still ignored. Is that expected?

Yes. This behaviour is kind of a quirk of how OpenSSL works and there is not much we can do about it at the mod_ssl level; patches in Fedora are merged in upstream 2.4.52 now, so we are in line with upstream.
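The practical outcome of the thread is that, on httpd 2.4.51-2 and later, custom DH parameters are honoured only when a `DH PARAMETERS` PEM block is appended to the first `SSLCertificateFile`, while `SSLOpenSSLConfCmd DHParameters` is silently ignored. The following script is an added example, not part of the bug report or the httpd project: it audits a certificate file and an httpd config fragment, reports the DH modulus size actually present in the certificate file (by parsing the PKCS#3 DER `SEQUENCE { INTEGER p, INTEGER g }`), and lists any `SSLOpenSSLConfCmd DHParameters` lines that will not take effect. The certificate file, config text and the tiny 64-bit prime are constructed sample data so the example runs offline; a real deployment would be checked against a 2048-bit or larger modulus.

```python
"""Audit where httpd/mod_ssl will actually pick up DH parameters.

Added example (not from the bug report or httpd). Standard library only.
The sample certificate file, config text and the 64-bit DH prime below are
constructed for the demonstration; production parameters are >= 2048 bits.
"""
import base64
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def _read_tlv(buf, idx):
    """Read one DER tag-length-value triple starting at buf[idx].

    Returns (tag, value_bytes, index_after_value); handles short and
    long-form lengths, which is all PKCS#3 DHParameter needs."""
    tag = buf[idx]
    length = buf[idx + 1]
    idx += 2
    if length & 0x80:                      # long form: next N bytes hold length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[idx:idx + nbytes], "big")
        idx += nbytes
    return tag, buf[idx:idx + length], idx + length


def parse_dh_params(der):
    """Return (p, g) from a PKCS#3 DHParameter DER encoding."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("DH parameters must be a SEQUENCE")
    tag_p, p_bytes, nxt = _read_tlv(body, 0)
    tag_g, g_bytes, _ = _read_tlv(body, nxt)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p followed by INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def dh_params_in_cert_file(pem_text):
    """Return the DH modulus size in bits if the certificate file carries a
    DH PARAMETERS block (the location mod_ssl honours), otherwise None."""
    for label, b64 in PEM_BLOCK.findall(pem_text):
        if label == "DH PARAMETERS":
            p, _g = parse_dh_params(base64.b64decode(b64))
            return p.bit_length()
    return None


def ignored_dhparam_directives(config_text):
    """Return every 'SSLOpenSSLConfCmd DHParameters' line in an httpd config;
    per the bug report these are not honoured by httpd 2.4.49 and later."""
    return [line.strip() for line in config_text.splitlines()
            if re.match(r"\s*SSLOpenSSLConfCmd\s+DHParameters\b", line)]


def audit(cert_file_text, config_text, minimum_bits=2048):
    """Summarise what the server will really use and what it will ignore."""
    bits = dh_params_in_cert_file(cert_file_text)
    return {
        "dh_bits_in_cert_file": bits,
        "meets_minimum": bits is not None and bits >= minimum_bits,
        "ignored_directives": ignored_dhparam_directives(config_text),
    }


# Constructed sample: DER for p = 2**64 - 59 (prime), g = 2, wrapped as PEM.
_SAMPLE_DER = bytes.fromhex("300e020900ffffffffffffffc5020102")
SAMPLE_CERT_FILE = (
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDERCERTBODY\n-----END CERTIFICATE-----\n"
    "-----BEGIN DH PARAMETERS-----\n"
    + base64.encodebytes(_SAMPLE_DER).decode()
    + "-----END DH PARAMETERS-----\n"
)
SAMPLE_CONFIG = """SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/example.crt
SSLOpenSSLConfCmd DHParameters /etc/pki/tls/dhparam.pem
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CERT_FILE, SAMPLE_CONFIG))
```

Run against a real deployment by reading the file named in `SSLCertificateFile` and the vhost config into the two arguments; a result with `dh_bits_in_cert_file` of `None` and a non-empty `ignored_directives` list is exactly the situation the reporter hit after the 2.4.49 update.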