Bug 1180223 - mod_ssl uses small DHE parameters for non standard RSA keys
Summary: mod_ssl uses small DHE parameters for non standard RSA keys
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: httpd
Version: httpd24
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: 2.0
Assignee: Jan Kaluža
QA Contact: Ondřej Pták
URL:
Whiteboard:
Depends On: 1057687 1071292 1073078
Blocks: 1073081
TreeView+ depends on / blocked
 
Reported: 2015-01-08 16:18 UTC by Ondřej Pták
Modified: 2015-06-04 09:13 UTC (History)
8 users (show)

Fixed In Version: httpd24-httpd-2.4.12-1.el7 httpd24-httpd-2.4.12-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 1073078
Environment:
Last Closed: 2015-06-04 09:13:07 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1056 normal SHIPPED_LIVE httpd24 bug fix and enhancement update 2015-06-04 13:11:57 UTC

Comment 1 Ondřej Pták 2015-01-08 16:19:39 UTC
this should be fixed in httpd 2.4.10 (rhscl-2.0)

Comment 6 Ondřej Pták 2015-05-04 09:11:31 UTC
httpd24-mod_ssl-2.4.12-6.el7, httpd24-mod_ssl-2.4.12-3.el6
==========================================================
:: [   INFO   ] :: Testing 2047 bit RSA keys with 2048 DHE keys
:: [   PASS   ] :: Command 'openssl req -x509 -newkey rsa:2047 -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt -subj /CN=localhost -nodes -batch' (Expected 0, got 0)
:: [   PASS   ] :: Start httpd server (Expected 0, got 0)
:: [   PASS   ] :: Command 'openssl s_client -CAfile /etc/pki/tls/certs/localhost.crt -cipher 'ALL:!ECDH' -connect localhost:443 < request.txt' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/tmp/tmp.m4Fl0eo74L' should contain 'Server Temp Key: DH, 2048 bits' 
:: [   PASS   ] :: File '/var/tmp/tmp.m4Fl0eo74L' should contain 'Server public key is 2047 bit'

Comment 8 errata-xmlrpc 2015-06-04 09:13:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1056.html


Note You need to log in before you can comment on or make changes to this bug.