1180223 – mod_ssl uses small DHE parameters for non standard RSA keys

Bug 1180223 - mod_ssl uses small DHE parameters for non standard RSA keys

Summary: mod_ssl uses small DHE parameters for non standard RSA keys

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Software Collections
Classification:	Red Hat
Component:	httpd
Sub Component:
Version:	httpd24
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	2.0
Assignee:	Jan Kaluža
QA Contact:	Ondřej Pták
Docs Contact:
URL:
Whiteboard:
Depends On:	1057687 1071292 1073078
Blocks:	1073081
TreeView+	depends on / blocked

Reported:	2015-01-08 16:18 UTC by Ondřej Pták
Modified:	2021-01-14 09:19 UTC (History)
CC List:	7 users (show)
Fixed In Version:	httpd24-httpd-2.4.12-1.el7 httpd24-httpd-2.4.12-1.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1073078
Environment:
Last Closed:	2015-06-04 09:13:07 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:1056	0	normal	SHIPPED_LIVE	httpd24 bug fix and enhancement update	2015-06-04 13:11:57 UTC

Comment 1 Ondřej Pták 2015-01-08 16:19:39 UTC

this should be fixed in httpd 2.4.10 (rhscl-2.0)

Comment 6 Ondřej Pták 2015-05-04 09:11:31 UTC

httpd24-mod_ssl-2.4.12-6.el7, httpd24-mod_ssl-2.4.12-3.el6
==========================================================
:: [   INFO   ] :: Testing 2047 bit RSA keys with 2048 DHE keys
:: [   PASS   ] :: Command 'openssl req -x509 -newkey rsa:2047 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt -subj /CN=localhost -nodes -batch' (Expected 0, got 0)
:: [   PASS   ] :: Start httpd server (Expected 0, got 0)
:: [   PASS   ] :: Command 'openssl s_client -CAfile /etc/pki/tls/certs/localhost.crt -cipher 'ALL:!ECDH' -connect localhost:443 < request.txt' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/tmp/tmp.m4Fl0eo74L' should contain 'Server Temp Key: DH, 2048 bits' 
:: [   PASS   ] :: File '/var/tmp/tmp.m4Fl0eo74L' should contain 'Server public key is 2047 bit'

Comment 8 errata-xmlrpc 2015-06-04 09:13:07 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1056.html

Note You need to log in before you can comment on or make changes to this bug.