Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1304310407 for ; Sun, 29 Sep 2013 10:36:20 +0000 (UTC) Received: (qmail 31074 invoked by uid 500); 29 Sep 2013 10:36:13 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 31017 invoked by uid 500); 29 Sep 2013 10:36:12 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 31010 invoked by uid 99); 29 Sep 2013 10:36:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Sep 2013 10:36:10 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED,T_FRT_SLUT X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Sep 2013 10:36:07 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id A1D7E238896F; Sun, 29 Sep 2013 10:35:47 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1527295 - in /httpd/httpd/trunk: ./ docs/manual/mod/ docs/manual/ssl/ modules/ssl/ Date: Sun, 29 Sep 2013 10:35:47 -0000 To: cvs@httpd.apache.org From: kbrand@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20130929103547.A1D7E238896F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: kbrand Date: Sun Sep 29 10:35:46 2013 New Revision: 1527295 URL: http://svn.apache.org/r1527295 Log: Improve ephemeral key handling (companion to r1526168): - allow to configure custom DHE or ECDHE parameters via the SSLCertificateFile directive, and adapt its documentation accordingly (addresses PR 49559) - add standardized DH parameters from RFCs 2409 and 3526, use them based on the length of the certificate's RSA/DSA key, and add a FAQ entry for clients which limit DH support to 1024 bits (such as Java 7 and earlier) - move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to ssl_util_ssl.c, and add ssl_ec_GetParamFromFile() - drop ssl_engine_dh.c from mod_ssl For the standardized DH parameters, OpenSSL version 0.9.8a or later is required, which was therefore made a new minimum requirement in r1527294. Removed: httpd/httpd/trunk/modules/ssl/ssl_engine_dh.c Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/CMakeLists.txt httpd/httpd/trunk/LAYOUT httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml httpd/httpd/trunk/docs/manual/ssl/ssl_faq.xml httpd/httpd/trunk/modules/ssl/config.m4 httpd/httpd/trunk/modules/ssl/mod_ssl.dsp httpd/httpd/trunk/modules/ssl/ssl_engine_init.c httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c httpd/httpd/trunk/modules/ssl/ssl_private.h httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Sun Sep 29 10:35:46 2013 @@ -1,6 +1,12 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by + allowing custom parameters to be configured via SSLCertificateFile, + and by adding standardized DH parameters for 1024/2048/3072/4096 bits. + Unless custom parameters are configured, the standardized parameters + are applied based on the certificate's RSA/DSA key size. + *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand] *) mod_lua: Let the Inter-VM get/set functions work with a global Modified: httpd/httpd/trunk/CMakeLists.txt URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CMakeLists.txt?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/CMakeLists.txt (original) +++ httpd/httpd/trunk/CMakeLists.txt Sun Sep 29 10:35:46 2013 @@ -417,7 +417,7 @@ IF(OPENSSL_FOUND) SET(mod_ssl_extra_libs ${OPENSSL_LIBRARIES}) ENDIF() SET(mod_ssl_extra_sources - modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_dh.c + modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_log.c modules/ssl/ssl_engine_mutex.c modules/ssl/ssl_engine_ocsp.c Modified: httpd/httpd/trunk/LAYOUT URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/LAYOUT?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/LAYOUT (original) +++ httpd/httpd/trunk/LAYOUT Sun Sep 29 10:35:46 2013 @@ -108,7 +108,6 @@ modules/ ................ Manditory and mod_ssl.c ............... main source file containing API structures mod_ssl.h ............... common header file of mod_ssl ssl_engine_config.c ..... module configuration handling - ssl_engine_dh.c ......... DSA/DH support ssl_engine_init.c ....... module initialization ssl_engine_io.c ......... I/O support ssl_engine_kernel.c ..... SSL engine kernel Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Sun Sep 29 10:35:46 2013 @@ -808,12 +808,33 @@ SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MED

-This directive points to the PEM-encoded Certificate file for the server and -optionally also to the corresponding RSA or DSA Private Key file for it -(contained in the same file). If the contained Private Key is encrypted the -Pass Phrase dialog is forced at startup time. This directive can be used up to -three times (referencing different filenames) when both a RSA, a DSA, and an -ECC based server certificate is used in parallel.

+This directive points to the file with the PEM-encoded certificate, +optionally also the corresponding private key, and - beginning with +version 2.5.0-dev as of 2013-09-29 - DH parameters and/or an EC curve name +for ephemeral keys (as generated by openssl dhparam +and openssl ecparam, respectively). If the private key +is encrypted, the pass phrase dialog is forced at startup time. +

+

+This directive can be used up to three times (referencing different filenames) +when both an RSA, a DSA, and an ECC based server certificate is used in +parallel. Note that DH and ECDH parameters are only read from the first +SSLCertificateFile directive.

+ + +DH parameter interoperability with primes > 1024 bit +

+Beginning with version 2.5.0-dev as of 2013-09-29, mod_ssl makes use of +standardized DH parameters with prime lengths of 2048, 3072 and 4096 bits +(from RFC 3526), and hands +them out to clients based on the length of the certificate's RSA/DSA key. +With Java-based clients in particular (Java 7 or earlier), this may lead +to handshake failures - see this +FAQ answer for working around +such issues. +

+ + Example SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_faq.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_faq.xml?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/ssl/ssl_faq.xml (original) +++ httpd/httpd/trunk/docs/manual/ssl/ssl_faq.xml Sun Sep 29 10:35:46 2013 @@ -519,6 +519,8 @@ Does this mean the username/password is
  • Why do I get I/O errors when connecting via HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer (MSIE)?
    • +
  • How do I enable TLS-SRP?
    • +
  • Why do I get handshake failures with Java-based clients when using a certificate with more than 1024 bits?
    • Why do I get lots of random SSL protocol @@ -740,6 +742,37 @@ SetEnvIf User-Agent "MSIE [2-5]" \ </example> </section> +<section id="javadh"><title>Why do I get handshake failures with Java-based clients when using a certificate with more than 1024 bits? +

    Beginning with version 2.5.0-dev as of 2013-09-29, + mod_ssl will use DH parameters which include primes + with lengths of more than 1024 bits. Java 7 and earlier limit their + support for DH prime sizes to a maximum of 1024 bits, however.

    + +

    If your Java-based client aborts with exceptions such as + java.lang.RuntimeException: Could not generate DH keypair and + java.security.InvalidAlgorithmParameterException: Prime size must be + multiple of 64, and can only range from 512 to 1024 (inclusive), + and httpd logs tlsv1 alert internal error (SSL alert number 80) + (at LogLevel info + or higher), you can either rearrange mod_ssl's cipher list with + SSLCipherSuite + (possibly in conjunction with SSLHonorCipherOrder), + or you can use the SSLCertificateFile + directive to configure custom DH parameters with a 1024-bit prime, which + will always have precedence over any of the built-in DH parameters.

    + +

    To generate custom DH parameters, use the openssl dhparam + command. Alternatively, you can append the following standard 1024-bit DH + parameters from RFC 2409, + section 6.2 to the respective + SSLCertificateFile file:

    + 
    -----BEGIN DH PARAMETERS-----
+MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
+Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
+/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
+-----END DH PARAMETERS-----
     +
    + Modified: httpd/httpd/trunk/modules/ssl/config.m4 URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/config.m4?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/config.m4 (original) +++ httpd/httpd/trunk/modules/ssl/config.m4 Sun Sep 29 10:35:46 2013 @@ -20,7 +20,6 @@ dnl # list of module object files ssl_objs="dnl mod_ssl.lo dnl ssl_engine_config.lo dnl -ssl_engine_dh.lo dnl ssl_engine_init.lo dnl ssl_engine_io.lo dnl ssl_engine_kernel.lo dnl Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.dsp URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.dsp?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/mod_ssl.dsp (original) +++ httpd/httpd/trunk/modules/ssl/mod_ssl.dsp Sun Sep 29 10:35:46 2013 @@ -112,10 +112,6 @@ SOURCE=.\ssl_engine_config.c # End Source File # Begin Source File -SOURCE=.\ssl_engine_dh.c -# End Source File -# Begin Source File - SOURCE=.\ssl_engine_init.c # End Source File # Begin Source File Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Sep 29 10:35:46 2013 @@ -1007,10 +1007,14 @@ static void ssl_init_server_certs(server const char *rsa_id, *dsa_id; #ifdef HAVE_ECC const char *ecc_id; + EC_GROUP *ecparams; + int nid; + EC_KEY *eckey; #endif const char *vhost_id = mctx->sc->vhost_id; int i; int have_rsa, have_dsa; + DH *dhparams; #ifdef HAVE_ECC int have_ecc; #endif @@ -1058,10 +1062,38 @@ static void ssl_init_server_certs(server ssl_die(s); } + /* + * Try to read DH parameters from the (first) SSLCertificateFile + */ + if ((mctx->pks->cert_files[0] != NULL) && + (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) { + SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO() + "Custom DH parameters (%d bits) for %s loaded from %s", + BN_num_bits(dhparams->p), vhost_id, + mctx->pks->cert_files[0]); + } + #ifdef HAVE_ECC - /* Enable ECDHE by configuring a default curve */ - SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, - EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + /* + * Similarly, try to read the ECDH curve name from SSLCertificateFile... + */ + if ((mctx->pks->cert_files[0] != NULL) && + (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) && + (nid = EC_GROUP_get_curve_name(ecparams)) && + (eckey = EC_KEY_new_by_curve_name(nid))) { + SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO() + "ECDH curve %s for %s specified in %s", + OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]); + } + /* + * ...otherwise, configure NIST P-256 (required to enable ECDHE) + */ + else { + SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, + EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + } #endif } Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sun Sep 29 10:35:46 2013 @@ -1300,16 +1300,69 @@ const authz_provider ssl_authz_provider_ */ /* - * Hand out the already generated DH parameters... + * Grab well-defined DH parameters from OpenSSL, see + * (get_rfc*) for all available primes. + */ +#define make_get_dh(rfc,size,gen) \ +static DH *get_dh##size(void) \ +{ \ + DH *dh; \ + if (!(dh = DH_new())) { \ + return NULL; \ + } \ + dh->p = get_##rfc##_prime_##size(NULL); \ + BN_dec2bn(&dh->g, #gen); \ + if (!dh->p || !dh->g) { \ + DH_free(dh); \ + return NULL; \ + } \ + return dh; \ +} + +/* + * Prepare DH parameters from 1024 to 4096 bits, in 1024-bit increments + */ +make_get_dh(rfc2409, 1024, 2) +make_get_dh(rfc3526, 2048, 2) +make_get_dh(rfc3526, 3072, 2) +make_get_dh(rfc3526, 4096, 2) + +/* + * Hand out standard DH parameters, based on the authentication strength */ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen) { conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); + EVP_PKEY *pkey = SSL_get_privatekey(ssl); + int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE; + + /* + * OpenSSL will call us with either keylen == 512 or keylen == 1024 + * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h). + * Adjust the DH parameter length according to the size of the + * RSA/DSA private key used for the current connection, and always + * use at least 1024-bit parameters. + * Note: This may cause interoperability issues with implementations + * which limit their DH support to 1024 bit - e.g. Java 7 and earlier. + * In this case, SSLCertificateFile can be used to specify fixed + * 1024-bit DH parameters (with the effect that OpenSSL skips this + * callback). + */ + if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) { + keylen = EVP_PKEY_bits(pkey); + } ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, - "handing out parameters for temporary %d bit DH key", keylen); + "handing out built-in DH parameters for %d-bit authenticated connection", keylen); - return ssl_dh_GetTmpParam(keylen); + if (keylen >= 4096) + return get_dh4096(); + else if (keylen >= 3072) + return get_dh3072(); + else if (keylen >= 2048) + return get_dh2048(); + else + return get_dh1024(); } /* Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_private.h (original) +++ httpd/httpd/trunk/modules/ssl/ssl_private.h Sun Sep 29 10:35:46 2013 @@ -887,8 +887,10 @@ int ssl_init_ssl_connection(con void ssl_pphrase_Handle(server_rec *, apr_pool_t *); /** Diffie-Hellman Parameter Support */ -DH *ssl_dh_GetTmpParam(int); -DH *ssl_dh_GetParamFromFile(char *); +DH *ssl_dh_GetParamFromFile(const char *); +#ifdef HAVE_ECC +EC_GROUP *ssl_ec_GetParamFromFile(const char *); +#endif unsigned char *ssl_asn1_table_set(apr_hash_t *table, const char *key, Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1527295&r1=1527294&r2=1527295&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original) +++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sun Sep 29 10:35:46 2013 @@ -483,6 +483,38 @@ BOOL SSL_X509_INFO_load_path(apr_pool_t /* _________________________________________________________________ ** +** Custom (EC)DH parameter support +** _________________________________________________________________ +*/ + +DH *ssl_dh_GetParamFromFile(const char *file) +{ + DH *dh = NULL; + BIO *bio; + + if ((bio = BIO_new_file(file, "r")) == NULL) + return NULL; + dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + BIO_free(bio); + return (dh); +} + +#ifdef HAVE_ECC +EC_GROUP *ssl_ec_GetParamFromFile(const char *file) +{ + EC_GROUP *group = NULL; + BIO *bio; + + if ((bio = BIO_new_file(file, "r")) == NULL) + return NULL; + group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL); + BIO_free(bio); + return (group); +} +#endif + +/* _________________________________________________________________ +** ** Extra Server Certificate Chain Support ** _________________________________________________________________ */