httpd-dev mailing list archives

From David Lin-Shung Huang <>
Subject Diffie-Hellman parameter size does not match RSA signature size of SSL certificate
Date Tue, 03 Sep 2013 17:34:18 GMT
Hi Apache developers,

When using DHE cipher suites on an Apache HTTPS server, we noticed (via
Wireshark) that the DHE key size (1024 bits) is smaller than our RSA
signature key size (2048 bits nowadays). This seems to be the default
behavior, and there are no options to correctly configure the DHE key size.

The DHE modes are supposed to provide forward-secrecy. If a site chooses to
use a 2048-bit public-key in its cert it means that it considers a 1024-bit
modulus insecure. One could make the argument that since the DH parameters
are ephemeral they could be generated using a smaller security parameter,
but that seems quite dangerous since it will not prevent a targeted attack
on a specific session.

David Huang
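As an added example (not part of David's message or of httpd itself), a small Python check that pulls the ephemeral DH modulus out of a TLS 1.2 ServerKeyExchange and flags the mismatch described above against the certificate's RSA key size. The wire layout follows RFC 5246 section 7.4.3; the sample message is constructed, not captured from a real server.

```python
# Added example: detect an ephemeral DH modulus shorter than the RSA key in
# the server certificate. ServerKeyExchange body (RFC 5246, 7.4.3) carries
# dh_p, dh_g, dh_Ys, each as a 2-byte length followed by a big-endian integer.
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 12

def _read_opaque16(buf: bytes, off: int):
    """Read a <2-byte length><bytes> field; return (value, new_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated DH field")
    return buf[off:off + n], off + n

def parse_server_dh_params(handshake: bytes):
    """Return (p, g, Ys) as ints from a ServerKeyExchange handshake message."""
    if len(handshake) < 4 or handshake[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    p, off = _read_opaque16(body, 0)
    g, off = _read_opaque16(body, off)
    ys, off = _read_opaque16(body, off)
    # The signature over the parameters follows; it is not needed for sizing.
    to_int = lambda b: int.from_bytes(b, "big")
    return to_int(p), to_int(g), to_int(ys)

def dh_weaker_than_cert(handshake: bytes, cert_rsa_bits: int) -> dict:
    """Compare the DH modulus bit length with the certificate's RSA key size."""
    p, _, _ = parse_server_dh_params(handshake)
    dh_bits = p.bit_length()
    return {"dh_bits": dh_bits, "rsa_bits": cert_rsa_bits,
            "mismatch": dh_bits < cert_rsa_bits}

def build_server_key_exchange(p: int, g: int, ys: int, sig: bytes = b"") -> bytes:
    """Build a ServerKeyExchange message (constructed test input, not captured)."""
    def field(v: int) -> bytes:
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        return struct.pack(">H", len(raw)) + raw
    body = field(p) + field(g) + field(ys) + sig
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

# Constructed 1024-bit modulus (not a real safe prime), matching the report.
P_1024 = (1 << 1023) | 0x1234567
SAMPLE_SKE = build_server_key_exchange(P_1024, 2, (1 << 1000) + 17)
```

Running `dh_weaker_than_cert(SAMPLE_SKE, 2048)` reports `dh_bits` 1024 against `rsa_bits` 2048 with `mismatch` set, which is exactly the condition seen in Wireshark above.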
