Bug 1064878 - Custom/big DH parameters not supported
Summary: Custom/big DH parameters not supported
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: httpd
Version: 20
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
Assignee: Jan Kaluža
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1057656 1057687
TreeView+ depends on / blocked
 
Reported: 2014-02-13 13:09 UTC by Hubert Kario
Modified: 2014-08-20 12:48 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1057687
Environment:
Last Closed: 2014-08-20 12:48:59 UTC
Type: Bug


Attachments (Terms of Use)

Description Hubert Kario 2014-02-13 13:09:48 UTC
+++ This bug was initially created as a clone of Bug #1057687 +++

Description of problem:
When using DHE based cipher suites, the offered DH parameters by mod_ssl are always 1024 bit sized, even if the certificate used is 2048 bit.
This makes httpd not compliant with NIST SP 800-131A when DHE cipher suite is negotiated since 1st of January this year.

Version-Release number of selected component (if applicable):
httpd-2.4.6-13.el7.x86_64
mod_ssl-2.4.6-13.el7.x86_64
nss-3.15.3-4.el7.x86_64
openssl-1.0.1e-29.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Generate RSA certificates that are 2048bit long
2. Generate 2048 bit DH parameters, add them to file referenced by SSLCertificateFile
3. Connect using tstclnt -d /etc/pki/nssdb/ -h localhost -p 443 -V ssl3: -o -v

Actual results:
tstclnt: SSL version 3.3 using 256-bit AES with 160-bit SHA1 MAC
tstclnt: Server Auth: 2048-bit RSA, Key Exchange: 1024-bit DHE
         Compression: NULL

Expected results:
tstclnt: SSL version 3.3 using 256-bit AES with 160-bit SHA1 MAC
tstclnt: Server Auth: 2048-bit RSA, Key Exchange: 2048-bit DHE
         Compression: NULL

(note Key Exchange in second line)

Additional info:
http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

Httpd should automatically select DH parameters that are at least as long as the RSA keys (see SP 800-131A and SP 800-57 Part 1).

--- Additional comment from Joe Orton on 2014-01-24 10:48:48 EST ---

This is done upstream already in 2.4.7:

http://svn.apache.org/r1542327

Comment 1 Fedora Admin XMLRPC Client 2014-06-30 09:54:00 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 2 Jan Kaluža 2014-08-20 12:48:59 UTC
This should be fixed in the version we have in all stable Fedora versions (httpd-2.4.10).


Note You need to log in before you can comment on or make changes to this bug.