diff options
author | Jaime Caamaño Ruiz <jcaamano@redhat.com> | 2021-06-16 20:32:28 +0000 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2021-07-07 13:25:32 -0700 |
commit | 0c0995238241a7e41b434dc4a1ff3660efa581e5 (patch) | |
tree | 3e4129f387558bf7a94c1749404bdde383696070 /Documentation/ref | |
parent | 4e948b86c758971353a003971725ed508962b026 (diff) | |
download | openvswitch-0c0995238241a7e41b434dc4a1ff3660efa581e5.tar.gz |
stream-ssl: Remove unsafe 1024 bit dh params
Using 1024 bit params for DH is considered unsafe [1]. Additionally,
from [2]:
"Modern servers that do not support export ciphersuites are advised to
either use SSL_CTX_set_tmp_dh() or alternatively, use the callback but
ignore keylength and is_export and simply supply at least 2048-bit
parameters in the callback."
Additionally, using 1024 bit dh params may block clients running on
recent openssl version from connecting given the stricter default
security requirements of those new openssl versions. The error message
for these clients looks like:
error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:ssl/statem/statem_clnt.c:2150
As a workaround, this error can be suppressed tweaking the cipher list
(--ssl-ciphers) to either 'HIGH:!aNULL:!MD5:@SECLEVEL=1' to reduce
security requirements or 'HIGH:!aNULL:!MD5:!DH' to avoid using fixed
param DH based ciphers. The first option is recommended though as it
likely a fixed param DH cipher is the best possible option in that
situation.
[1] https://weakdh.org/
[2] https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tmp_dh_callback.html
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'Documentation/ref')
0 files changed, 0 insertions, 0 deletions