git.kaiwu.me - haproxy.git/commit
BUG/MEDIUM: fix DH length when EC key is used
author: Ilya Shipitsin <chipitsine@gmail.com>
Sat, 23 Jul 2022 18:55:19 +0000 (23:55 +0500)
committer: Willy Tarreau <w@1wt.eu>
Sat, 6 Aug 2022 15:45:40 +0000 (17:45 +0200)
commit: 52f2ff5b935636d7977182a5c2cad23848aa10d9
tree: 66dfa092f124959335d92bc757188436b1bfb697
parent: 3b64a28e156026526be0ca540c5950569f80a477

dh of length 1024 were chosen for EVP_PKEY_EC key type.
let us pick "default_dh_param" instead.

issue was found on Ubuntu 22.04 which is shipped with OpenSSL configured
with SECLEVEL=2 by default. such SECLEVEL value prohibits DH shorter than
2048:

OpenSSL error[0xa00018a] SSL_CTX_set0_tmp_dh_pkey: dh key too small

better strategy for choosing DH still may be considered though.
src/ssl_sock.c
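
Added example, not HAProxy's code: a small C model of the failure the commit message describes, checking the DH size chosen for an EC key against the per-level minimum from the OpenSSL documentation for `SSL_CTX_set_security_level`. The helper names (`dh_accepted`, `ec_dh_bits`, `lowest_rejecting_level`) are hypothetical and the `default_dh_param` values are constructed samples.

```c
#include <stdio.h>

/* Minimum DH prime size in bits that OpenSSL accepts at security levels 0..5
 * (see SSL_CTX_set_security_level(3)); level 0 imposes no floor. */
static const int dh_floor[] = { 0, 1024, 2048, 3072, 7680, 15360 };

/* 1 if a DH group of dh_bits passes the check at seclevel, else 0. */
static int dh_accepted(int dh_bits, int seclevel)
{
    if (seclevel < 0) seclevel = 0;
    if (seclevel > 5) seclevel = 5;
    return dh_bits >= dh_floor[seclevel];
}

/* Model of the DH size chosen when the certificate key is EC (hypothetical
 * helper): fixed 1024 before the commit, default_dh_param after it. */
static int ec_dh_bits(int patched, int default_dh_param)
{
    return patched ? default_dh_param : 1024;
}

/* Lowest security level that rejects dh_bits, or -1 if none does. */
static int lowest_rejecting_level(int dh_bits)
{
    for (int lvl = 0; lvl <= 5; lvl++)
        if (!dh_accepted(dh_bits, lvl))
            return lvl;
    return -1;
}

int main(void)
{
    /* Constructed sample values for default_dh_param. */
    const int params[] = { 1024, 2048, 4096 };
    for (size_t i = 0; i < sizeof params / sizeof params[0]; i++) {
        int before = ec_dh_bits(0, params[i]);
        int after = ec_dh_bits(1, params[i]);
        printf("default_dh_param=%d SECLEVEL=2: before=%d (%s) after=%d (%s)\n",
               params[i], before, dh_accepted(before, 2) ? "ok" : "too small",
               after, dh_accepted(after, 2) ? "ok" : "too small");
    }
    return 0;
}
```

In this model a `default_dh_param` of 1024 is still rejected at SECLEVEL=2 after the change, so the configured default has to meet the floor as well.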