httpd-bugs mailing list archives

Subject: [Bug 49559] Patch to add user-specified Diffie-Hellman parameters
Date: Mon, 30 Apr 2012 18:29:45 GMT

Erwann Abalea <> changed:

           What    |Removed                     |Added
            Version|2.2.14                      |2.4-HEAD

--- Comment #2 from Erwann Abalea <> ---
A new version of the patch has been provided, based on httpd 2.4.2.
When generating your own DH parameters, add the "-dsaparam" option to the openssl
command line; this speeds up the handshake by about 15% for a 1024-bit prime to
30% for a 2048-bit prime.
With the "-dsaparam" option, the private key is limited to 160 bits for a <2048-bit
prime, and 256 bits for a >=2048-bit one. You then have 80 bits of security for
a 1024-bit prime, but based on NFS results you can't get much.
A 2048-bit prime with a 256-bit private key length gives you 128 bits of security.
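
The generation step described in the comment above, as an added example that is not part of the original message or the patch. It assumes an `openssl` binary on the PATH; the function names are hypothetical, and whether a recommended private length is recorded in the output depends on the OpenSSL version.

```shell
#!/bin/sh
# Added example (not from the patch): generate DH parameters with -dsaparam
# and read back what was produced. Function names are hypothetical.

# gen_dh_dsaparam BITS OUTFILE
# DSA-style parameter generation, converted to DH form by openssl.
gen_dh_dsaparam() {
    openssl dhparam -dsaparam -out "$2" "$1" 2>/dev/null
}

# dh_prime_bits FILE
# Size of the prime p, taken from the "DH Parameters: (N bit)" header line.
dh_prime_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p'
}

# dh_private_len FILE
# Recommended private key length in bits when the parameters record one;
# prints nothing when this OpenSSL version does not emit that line.
dh_private_len() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*recommended-private-length: \([0-9][0-9]*\) bits.*/\1/p'
}

# dh_report BITS
# Generate into a temporary file, print a one-line summary, clean up.
dh_report() {
    tmp=$(mktemp) || return 1
    if gen_dh_dsaparam "$1" "$tmp"; then
        echo "prime=$(dh_prime_bits "$tmp") private-length=$(dh_private_len "$tmp")"
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run as: sh dh_report.sh 2048
if [ "$#" -gt 0 ]; then
    dh_report "$1"
fi
```

An empty `private-length=` field means the parameters carry no recorded exponent length, so the size the server uses has to be confirmed another way.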
