httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <>
Subject Re: invalid free in ssl
Date Mon, 27 Feb 2012 20:37:13 GMT
On 27/02/2012 20:05, Stefan Fritsch wrote:
> I noticed that the ssl_callback_tmp* functions may return a different 
> key length than requested. Is this a problem?

Well for EC the callback mechanism in OpenSSL is rather broken.

It should be using an appropriate curve which both server and client support.
Using P-256 (as the mod_ssl callback currently does) is a reasonable compromise
that most clients should support.

At some point support for Suite B modes will be included in OpenSSL and that
will mean that in some cases P-384 should be used instead.

The OpenSSL callback mechanism for EC is IMHO largely an unnecessary application

In the case of RSA and DH callbacks these involve time consuming key or
parameter generation operations which applications might specify from
pre-generated sources.

For EC the callback just sends back a static structure containing the curve to
use with minimal computational overhead. OpenSSL could just do the right thing
automatically here and send back a curve the peer is willing to use and server
applications would then automatically support EC.

Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775

View raw message