Customize DH-params in openSSL


Mert Zararsiz

Jun 15, 2016, 12:58:15 PM
to Netty discussions
Hello Netty group,

I was wondering if it is possible to set a minimal DH-param size in SslContext or anywhere else.
The default key exchange with a size of 1024 bits is considered weak according to SSL Labs, which I would like to strengthen.

The key size could be customized on the normal SslProvider.JDK by changing the jdk.tls.ephemeralDHKeySize JVM property to the desired key size.

I've searched around for a solution and saw that tomcat-native seems to use SSLContext.setTmpDH(long serverContext, String filePath) to provide custom DH-params.

Would there be a way to solve this issue?
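
To confirm which ephemeral DH size a server actually negotiates (for example after changing `jdk.tls.ephemeralDHKeySize`), the following added example, which is not part of the original thread, parses the `Server Temp Key` line that `openssl s_client` prints. The sample transcripts are constructed, and the 2048-bit floor and the function names are assumptions.

```shell
# Minimum acceptable ephemeral DH prime size in bits (assumed policy value).
MIN_DH_BITS="${MIN_DH_BITS:-2048}"

# Constructed excerpts of `openssl s_client` output (not captured from a real host).
SAMPLE_WEAK='CONNECTED(00000003)
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---'
SAMPLE_STRONG='CONNECTED(00000003)
---
Server Temp Key: DH, 2048 bits
---'
SAMPLE_ECDHE='CONNECTED(00000003)
---
Server Temp Key: ECDH, P-256, 256 bits
---'

# Read s_client output on stdin and print the finite-field DH size in bits.
# Prints nothing when the handshake did not use DHE (e.g. ECDHE or RSA kx).
dh_temp_key_bits() {
  sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*$/\1/p' | head -n 1
}

# Classify s_client output read from stdin.
# Prints "ok:<bits>", "weak:<bits>" or "no-dhe".
# Return codes: 0 = DH >= MIN_DH_BITS, 1 = DH below it, 2 = no DHE key seen.
check_dh_strength() {
  _bits="$(dh_temp_key_bits)"
  if [ -z "$_bits" ]; then
    echo "no-dhe"
    return 2
  fi
  if [ "$_bits" -lt "$MIN_DH_BITS" ]; then
    echo "weak:$_bits"
    return 1
  fi
  echo "ok:$_bits"
}

# Against your own server (HOST:PORT is a placeholder), force a DHE suite so
# the DH parameters are exercised instead of ECDHE:
#   openssl s_client -connect HOST:PORT -tls1_2 -cipher 'DHE' </dev/null 2>/dev/null \
#     | check_dh_strength
```

A `no-dhe` result means the DHE suites were not negotiated at all, so the DH parameter size was not tested by that handshake.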

Norman Maurer

Jun 15, 2016, 1:04:25 PM
to ne...@googlegroups.com
I think we should respect the same system property for our OpenSSL implementation as well.

Would you mind opening an issue?

At the moment we do not support it when using OpenSSL :(

Thanks!


Mert Zararsiz

Jun 16, 2016, 4:09:10 AM
to Netty discussions
Alright thanks!
GitHub issue: https://github.com/netty/netty/issues/5401

On Wednesday, June 15, 2016 at 19:04:25 UTC+2, Norman Maurer wrote: