Allow selective disabling of single dh use
authorAlan T. DeKok <aland@freeradius.org>
Wed, 21 Oct 2015 19:36:55 +0000 (15:36 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 21 Oct 2015 19:36:55 +0000 (15:36 -0400)
Which should be on by default, but can be disabled for high-load
situations where the DH parameters are sufficiently secure

src/include/tls-h
src/main/tls.c

index 18cf9825d5fc832a1a1165302fd477944a6aa1b0..e870a4afe740b958f982743081adcf202839ceb9 100644 (file)
@@ -349,6 +349,7 @@ struct fr_tls_server_conf_t {
        bool            file_type;
        bool            include_length;
        bool            auto_chain;
+       bool            disable_single_dh_use;
        bool            disable_tlsv1;
        bool            disable_tlsv1_1;
        bool            disable_tlsv1_2;
index 8f540af3865c21f80c40dcb2008165e2188147a4..95d141bf54a775d1fa3cedc8326ca777fc41e404 100644 (file)
@@ -1036,6 +1036,7 @@ static CONF_PARSER tls_server_config[] = {
        { "fragment_size", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, fragment_size), "1024" },
        { "include_length", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, include_length), "yes" },
        { "auto_chain", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, auto_chain), "yes" },
+       { "disable_single_dh_use", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_single_dh_use), NULL },
        { "check_crl", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, check_crl), "no" },
 #ifdef X509_V_FLAG_CRL_CHECK_ALL
        { "check_all_crl", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, check_all_crl), "no" },
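Review bot: The new `disable_single_dh_use` entry passes `NULL` as its default, while every neighbouring boolean in this table spells its default out as `"yes"` or `"no"`. This option switches off a hardening flag, so the safe default should be visible in the table rather than depend on how the conf structure is initialised, which this hunk does not show. I would write it as `{ "disable_single_dh_use", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_single_dh_use), "no" },`.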
@@ -2185,7 +2186,7 @@ static X509_STORE *init_revocation_store(fr_tls_server_conf_t *conf)
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
-static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve)
+static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve, bool disable_single_dh_use)
 {
        int      nid;
        EC_KEY  *ecdh;
@@ -2206,7 +2207,9 @@ static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve)
 
        SSL_CTX_set_tmp_ecdh(ctx, ecdh);
 
-       SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
+       if (!disable_single_dh_use) {
+               SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
+       }
 
        EC_KEY_free(ecdh);
 
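Review bot: The new guard around `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE)` ties the ECDH behaviour to an option whose name and commit rationale ("the DH parameters are sufficiently secure") speak only about finite-field DH. With the option set, the key installed by `SSL_CTX_set_tmp_ecdh()` is presumably reused across handshakes on this context, which weakens forward secrecy for ECDHE suites however strong the DH group is. Either give ECDH its own switch or document the coupling at the guard, e.g. `/* disable_single_dh_use also covers ECDH: the temporary EC key is then reused across handshakes on this ctx */`. The body of set_ecdh_curve continues outside this hunk.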
@@ -2587,16 +2590,16 @@ post_ca:
        ctx_options |= SSL_OP_NO_TICKET;
 #endif
 
-       /*
-        *      SSL_OP_SINGLE_DH_USE must be used in order to prevent
-        *      small subgroup attacks and forward secrecy. Always
-        *      using
-        *
-        *      SSL_OP_SINGLE_DH_USE has an impact on the computer
-        *      time needed during negotiation, but it is not very
-        *      large.
-        */
-       ctx_options |= SSL_OP_SINGLE_DH_USE;
+       if (!conf->disable_single_dh_use) {
+               /*
+                *      SSL_OP_SINGLE_DH_USE must be used in order to prevent
+                *      small subgroup attacks and forward secrecy. Always
+                *      using SSL_OP_SINGLE_DH_USE has an impact on the
+                *      computer time needed during negotiation, but it is not
+                *      very large.
+                */
+               ctx_options |= SSL_OP_SINGLE_DH_USE;
+       }
 
        /*
         *      SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS to work around issues
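Review bot: The relocated comment still says SSL_OP_SINGLE_DH_USE "must be used", which no longer matches the code now that `conf->disable_single_dh_use` can skip it. The phrase "prevent small subgroup attacks and forward secrecy" also reads as if forward secrecy were the thing being prevented. I would reword it to say what the flag buys and when skipping is acceptable, e.g. `/* Fresh DH key per handshake: guards against small-subgroup attacks and preserves forward secrecy. Skip only when the configured DH parameters are known to be strong. */`. Because disabling it trades security for throughput, an `else` branch that logs a startup warning would make the weakened configuration visible to operators; the logging helper to use is not visible here. The enclosing function starts and ends outside this hunk.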
@@ -2627,7 +2630,7 @@ post_ca:
         */
 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
-       if (set_ecdh_curve(ctx, conf->ecdh_curve) < 0) {
+       if (set_ecdh_curve(ctx, conf->ecdh_curve, conf->disable_single_dh_use) < 0) {
                return NULL;
        }
 #endif