which do not explicitly define theirs. It will be overridden by custom DH
parameters found in a bind certificate file if any. If custom DH parameters
are not specified either by using ssl-dh-param-file or by setting them
- directly in the certificate file, pre-generated DH parameters of the size
- specified by tune.ssl.default-dh-param will be used. Custom parameters are
- known to be more secure and therefore their use is recommended.
+ directly in the certificate file, DHE ciphers will not be used, unless
+ tune.ssl.default-dh-param is set. In this latter case, pre-defined DH
+ parameters of the specified size will be used. Custom parameters are known to
+ be more secure and therefore their use is recommended.
Custom DH parameters may be generated by using the OpenSSL command
"openssl dhparam <size>", where size should be at least 2048, as 1024-bit DH
parameters should not be considered secure anymore.
the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The
final size will try to match the size of the server's RSA (or DSA) key (e.g,
a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed
- this maximum value. Default value if 2048. Only 1024 or higher values are
- allowed. Higher values will increase the CPU load, and values greater than
- 1024 bits are not supported by Java 7 and earlier clients. This value is not
- used if static Diffie-Hellman parameters are supplied either directly
- in the certificate file or by using the ssl-dh-param-file parameter.
+ this maximum value. Only 1024 or higher values are allowed. Higher values
+ will increase the CPU load, and values greater than 1024 bits are not
+ supported by Java 7 and earlier clients. This value is not used if static
+ Diffie-Hellman parameters are supplied either directly in the certificate
+ file or by using the ssl-dh-param-file parameter.
+ If there is neither a default-dh-param nor a ssl-dh-param-file defined, and
+ if the server's PEM file of a given frontend does not specify its own DH
+ parameters, then DHE ciphers will be unavailable for this frontend.
tune.ssl.ssl-ctx-cache-size <number>
Sets the size of the cache used to store generated certificates to <number>
# This reg-tests checks that the DH-related mechanisms works properly.
# When no DH is specified, either directly in the server's PEM or through a
-# ssl-dh-param-file global option, in case of DHE negotiation, the hard coded
-# DH parameters included in the sources will be used. We will use DH parameters
-# of the same size as the server's RSA or DSA key.
+# ssl-dh-param-file global option, and no tune.ssl.default-dh-param is defined,
+# DHE ciphers are disabled.
+# If a default-dh-param is defined, we will use DH parameters of the same size
+# as the server's RSA or DSA key, or default-dh-param if it is smaller.
# This test has three distinct HAProxy instances, one with no DH-related option
# used, one with the tune.ssl.default-dh-param global parameter set, and one
# with an ssl-dh-param-file global option.
client c1 -connect ${h1_clearlst_sock} {
txreq
rxresp
- expect resp.status == 200
- expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
+ # No DH parameters are defined, DHE ciphers are unavailable
+ expect resp.status == 503
} -run
client c2 -connect ${h2_clearlst_dfltdh_sock} {
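Review bot: `expect resp.status == 503` passes for any failure of the backend TLS connection, so on its own it does not show that the handshake failed because DHE was unavailable; the same applies to client c4 in the next hunk. The deleted `openssl s_client` key-size checks were the only direct observation of the negotiated key exchange on this instance. A negative form of that check, for example `! echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dflt.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH,"`, would pin the intended cause. Client c5 further down appears to serve as the positive control once the PEM carries DH parameters.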
client c4 -connect ${h1_clearlst_sock} {
txreq -url "/gencert"
rxresp
- expect resp.status == 200
- expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
+ # No DH parameters are defined, DHE ciphers are unavailable
+ expect resp.status == 503
} -run
-#
-# Check the size of the DH key
-#
-shell {
- echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dflt.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 2048 bits"
-}
-
# On the second HAProxy instance, even if default-dh-param is set to 4096, this
# value is only considered as a maximum DH key length and we will always try to
# match the server's certificate key length in our DHE key exchange (2048 bits
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dhfile.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
}
-shell {
- echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dflt_gencert.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 2048 bits"
-}
-
-
#
# Add a custom DH to the server's PEM certificate
#
# Check that all the SSL backend <-> SSL frontend connections still work
+# Common.pem now contains DH parameters so the first instance's frontends
+# can now use DHE ciphers.
#
client c5 -connect ${h1_clearlst_sock} {
txreq
if (!SSL_CTX_set0_tmp_dh_pkey(ctx, dh))
HASSL_DH_free(dh);
}
- else
- SSL_CTX_set_dh_auto(ctx, 1);
}
#endif
if (!ssl_sock_set_tmp_dh(ctx, dh)) {
memprintf(err, "%sunable to load the DH parameter specified in '%s'",
err && *err ? *err : "", path);
-#if defined(SSL_CTX_set_dh_auto)
- SSL_CTX_set_dh_auto(ctx, 1);
- memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
- err && *err ? *err : "");
-#else
memprintf(err, "%s, DH ciphers won't be available.\n",
err && *err ? *err : "");
-#endif
ret |= ERR_WARN;
goto end;
}
if (!ssl_sock_set_tmp_dh(ctx, global_dh)) {
memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
err && *err ? *err : "", path);
-#if defined(SSL_CTX_set_dh_auto)
- SSL_CTX_set_dh_auto(ctx, 1);
- memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
- err && *err ? *err : "");
-#else
memprintf(err, "%s, DH ciphers won't be available.\n",
err && *err ? *err : "");
-#endif
ret |= ERR_WARN;
goto end;
}
/* Clear openssl global errors stack */
ERR_clear_error();
- if (global_ssl.default_dh_param && global_ssl.default_dh_param <= 1024) {
- /* we are limited to DH parameter of 1024 bits anyway */
- if (local_dh_1024 == NULL)
- local_dh_1024 = ssl_get_dh_1024();
-
- if (local_dh_1024 == NULL) {
- memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
- err && *err ? *err : "", path);
- ret |= ERR_ALERT | ERR_FATAL;
- goto end;
- }
+ /* We do not want DHE ciphers to be added to the cipher list
+ * unless there is an explicit global dh option in the conf.
+ */
+ if (global_ssl.default_dh_param) {
+ if (global_ssl.default_dh_param <= 1024) {
+ /* we are limited to DH parameter of 1024 bits anyway */
+ if (local_dh_1024 == NULL)
+ local_dh_1024 = ssl_get_dh_1024();
+
+ if (local_dh_1024 == NULL) {
+ memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
+ err && *err ? *err : "", path);
+ ret |= ERR_ALERT | ERR_FATAL;
+ goto end;
+ }
- if (!ssl_sock_set_tmp_dh(ctx, local_dh_1024)) {
- memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
- err && *err ? *err : "", path);
-#if defined(SSL_CTX_set_dh_auto)
- SSL_CTX_set_dh_auto(ctx, 1);
- memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
- err && *err ? *err : "");
-#else
- memprintf(err, "%s, DH ciphers won't be available.\n",
- err && *err ? *err : "");
-#endif
- ret |= ERR_WARN;
- goto end;
+ if (!ssl_sock_set_tmp_dh(ctx, local_dh_1024)) {
+ memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
+ err && *err ? *err : "", path);
+ memprintf(err, "%s, DH ciphers won't be available.\n",
+ err && *err ? *err : "");
+ ret |= ERR_WARN;
+ goto end;
+ }
}
- }
- else {
+ else {
#if (HA_OPENSSL_VERSION_NUMBER < 0x3000000fL)
- SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh_cbk);
+ SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh_cbk);
#else
- ssl_sock_set_tmp_dh_from_pkey(ctx, ckch ? ckch->key : NULL);
+ ssl_sock_set_tmp_dh_from_pkey(ctx, ckch ? ckch->key : NULL);
#endif
+ }
}
}
#endif
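Review bot: In the re-indented 1024-bit branch the first `memprintf` still ends its message with `.\n` and the second then appends `, DH ciphers won't be available.\n`, so the warning comes out split across two lines with a stray comma; the two sibling failure paths shown earlier omit the terminator on their first call. Dropping it, as in `memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'", err && *err ? *err : "", path);`, gives one coherent line. Separately, the new outer `if (global_ssl.default_dh_param)` has no else, so a context with no DH source ends up without DHE and nothing is reported at this point. If no warning is issued elsewhere (not visible in this hunk), a one-time notice would help operators who relied on the old default diagnose the resulting handshake failures. The enclosing function starts and ends outside the hunk.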
#ifndef OPENSSL_NO_DH
- if (global_ssl.default_dh_param >= 1024) {
- if (local_dh_1024 == NULL) {
- local_dh_1024 = ssl_get_dh_1024();
- }
- if (global_ssl.default_dh_param >= 2048) {
- if (local_dh_2048 == NULL) {
- local_dh_2048 = ssl_get_dh_2048();
- }
- if (global_ssl.default_dh_param >= 4096) {
- if (local_dh_4096 == NULL) {
- local_dh_4096 = ssl_get_dh_4096();
- }
- }
- }
- }
+ if (!local_dh_1024)
+ local_dh_1024 = ssl_get_dh_1024();
+ if (!local_dh_2048)
+ local_dh_2048 = ssl_get_dh_2048();
+ if (!local_dh_4096)
+ local_dh_4096 = ssl_get_dh_4096();
#endif /* OPENSSL_NO_DH */
SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
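Review bot: The three `ssl_get_dh_*()` results are stored without a NULL check, and with the size gate removed all three are now fetched even when `global_ssl.default_dh_param` is unset and DHE is documented as unavailable. The 1024-bit path in the DH-loading code treats a NULL `local_dh_1024` as fatal, so it is worth stating here what happens if the 2048- or 4096-bit group fails to load; their consumers are not visible in this hunk. A comment saying why the preload became unconditional, for example `/* preload every built-in group even when default_dh_param is 0: <reason> */`, would keep a later reader from restoring the gate. The enclosing function starts and ends outside the hunk.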