trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <i.ga...@brainsware.org>
Subject Re: Forward Secrecy ?
Date Mon, 25 Nov 2013 08:22:35 GMT


----- Original Message -----
> Here's the commit adding ECDHE support to apache httpd:
> 
> 	http://mail-archives.apache.org/mod_mbox/httpd-cvs/200911.mbox/%3C20091110075514.166A6238890A@eris.apache.org%3E

What this code does is more than just an initial throw, it enables to use
ECC /keys/ all we need to start using ECDHE is the initialization.

   http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=834378&r1=834377&r2=834378&view=diff

> and for stud:
> 
> 	https://github.com/bumptech/stud/pull/61/files

Wow. That's bad. That looks specifically for the *bad* NSA curve constants
before initializing the ec code. That's not something I'd rely on, since
not even NIST is any more.

> I created jira ticket TS-2392 for this.
> 
> 
>   -jf
> 

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641


Mime
View raw message