httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 49559] Patch to add user-specified Diffie-Hellman parameters
Date Mon, 30 Apr 2012 18:29:45 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49559

Erwann Abalea <erwann.abalea@keynectis.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.2.14                      |2.4-HEAD

--- Comment #2 from Erwann Abalea <erwann.abalea@keynectis.com> ---
A new version of the patch has been provided, based on httpd 2.4.2.
When generating your own DH parameters, add the "-dsaparam" option to the openssl
command line; this speeds up the handshake by about 15% for a 1024-bit prime to
30% for a 2048-bit prime.
With the "-dsaparam" option, the private key is limited to 160 bits for a <2048-bit
prime, and 256 bits for a >=2048-bit one. You then have 80 bits of security for
a 1024-bit prime, but based on NFS results you can't get much.
A 2048-bit prime with a 256-bit private key length gives you 128 bits of security.

-- 
You are receiving this mail because:
You are the assignee for the bug.
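
The group structure that "-dsaparam" produces, as an added example that is not part of the original message or the patch: a prime q dividing p-1, a generator of order q, and private keys only as long as q. Function names and the sizes passed in are assumptions, and the subgroup check applies only when the verifier knows q.

```python
# Added example; names and sizes are assumptions, not taken from the patch.
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)

def is_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_dsa_style_group(p_bits, q_bits):
    """Return (p, q, g): prime q divides p-1 and g has order q (p is not a safe prime)."""
    q = 4
    while not is_prime(q):
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
    p = 4
    while p.bit_length() != p_bits or not is_prime(p):
        k = (secrets.randbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))) & ~1
        p = k * q + 1
    g = 1
    while g == 1:
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
    return p, q, g

def keypair(p, q, g):
    """Short exponent: x is drawn below q, so it is q_bits long rather than p_bits."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def valid_peer_key(y, p, q):
    """Accept only elements of the order-q subgroup; the verifier must know q."""
    return 1 < y < p - 1 and pow(y, q, p) == 1
```

The handshake speed-up the comment describes comes from `keypair`: the modular exponentiation uses an exponent of q's length instead of p's.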
