Diffstat (limited to 'secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3')
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3112
1 files changed, 46 insertions, 66 deletions
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index 4d80acd..c2c5c4b 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "2015-03-19" "1.0.1m" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2015-06-11" "1.0.1n" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -197,12 +197,12 @@ negotiation is being saved.
.PP
If \*(L"strong\*(R" primes were used to generate the \s-1DH\s0 parameters, it is not strictly
necessary to generate a new key for each handshake but it does improve forward
-secrecy. If it is not assured, that \*(L"strong\*(R" primes were used (see especially
-the section about \s-1DSA\s0 parameters below), \s-1SSL_OP_SINGLE_DH_USE\s0 must be used
-in order to prevent small subgroup attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0
-has an impact on the computer time needed during negotiation, but it is not
-very large, so application authors/users should consider to always enable
-this option.
+secrecy. If it is not assured that \*(L"strong\*(R" primes were used,
+\&\s-1SSL_OP_SINGLE_DH_USE\s0 must be used in order to prevent small subgroup
+attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0 has an impact on the
+computer time needed during negotiation, but it is not very large, so
+application authors/users should consider always enabling this option.
+The option is required to implement perfect forward secrecy (\s-1PFS\s0).
.PP
As generating \s-1DH\s0 parameters is extremely time consuming, an application
should not generate the parameters on the fly but supply the parameters.
@@ -210,82 +210,62 @@ should not generate the parameters on the fly but supply the parameters.
the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker
may specialize on a very often used \s-1DH\s0 group. Applications should therefore
generate their own \s-1DH\s0 parameters during the installation process using the
-openssl \fIdhparam\fR\|(1) application. In order to reduce the computer
-time needed for this generation, it is possible to use \s-1DSA\s0 parameters
-instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0
-is mandatory.
+openssl \fIdhparam\fR\|(1) application. This application
+guarantees that \*(L"strong\*(R" primes are used.
.PP
-Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
+Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the \fB\-C\fR option of the
-\&\fIdhparam\fR\|(1) application.
-Authors may also generate their own set of parameters using
-\&\fIdhparam\fR\|(1), but a user may not be sure how the parameters were
-generated. The generation of \s-1DH\s0 parameters during installation is therefore
-recommended.
+\&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0
+parameters during installation should still be preferred to stop an
+attacker from specializing on a commonly used group. Files dh1024.pem
+and dh512.pem contain old parameters that must not be used by
+applications.
.PP
An application may either directly specify the \s-1DH\s0 parameters or
-can supply the \s-1DH\s0 parameters via a callback function. The callback approach
-has the advantage, that the callback may supply \s-1DH\s0 parameters for different
-key lengths.
+can supply the \s-1DH\s0 parameters via a callback function.
.PP
-The \fBtmp_dh_callback\fR is called with the \fBkeylength\fR needed and
-the \fBis_export\fR information. The \fBis_export\fR flag is set, when the
-ephemeral \s-1DH\s0 key exchange is performed with an export cipher.
+Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR
+parameters to control parameter generation for export and non-export
+cipher suites. Modern servers that do not support export ciphersuites
+are advised to either use \fISSL_CTX_set_tmp_dh()\fR in combination with
+\&\s-1SSL_OP_SINGLE_DH_USE,\s0 or alternatively, use the callback but ignore
+\&\fBkeylength\fR and \fBis_export\fR and simply supply at least 2048\-bit
+parameters in the callback.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
-Handle \s-1DH\s0 parameters for key lengths of 512 and 1024 bits. (Error handling
+Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling
partly left out.)
.PP
-.Vb 5
-\& ...
-\& /* Set up ephemeral DH stuff */
-\& DH *dh_512 = NULL;
-\& DH *dh_1024 = NULL;
-\& FILE *paramfile;
+.Vb 2
+\& Command\-line parameter generation:
+\& $ openssl dhparam \-out dh_param_2048.pem 2048
\&
+\& Code for setting up parameters during server initialization:
+\&
+\& ...
+\& SSL_CTX ctx = SSL_CTX_new();
\& ...
-\& /* "openssl dhparam \-out dh_param_512.pem \-2 512" */
-\& paramfile = fopen("dh_param_512.pem", "r");
+\&
+\& /* Set up ephemeral DH parameters. */
+\& DH *dh_2048 = NULL;
+\& FILE *paramfile;
+\& paramfile = fopen("dh_param_2048.pem", "r");
\& if (paramfile) {
-\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
\& fclose(paramfile);
+\& } else {
+\& /* Error. */
\& }
-\& /* "openssl dhparam \-out dh_param_1024.pem \-2 1024" */
-\& paramfile = fopen("dh_param_1024.pem", "r");
-\& if (paramfile) {
-\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-\& fclose(paramfile);
+\& if (dh_2048 == NULL) {
+\& /* Error. */
\& }
-\& ...
-\&
-\& /* "openssl dhparam \-C \-2 512" etc... */
-\& DH *get_dh512() { ... }
-\& DH *get_dh1024() { ... }
-\&
-\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
-\& {
-\& DH *dh_tmp=NULL;
-\&
-\& switch (keylength) {
-\& case 512:
-\& if (!dh_512)
-\& dh_512 = get_dh512();
-\& dh_tmp = dh_512;
-\& break;
-\& case 1024:
-\& if (!dh_1024)
-\& dh_1024 = get_dh1024();
-\& dh_tmp = dh_1024;
-\& break;
-\& default:
-\& /* Generating a key on the fly is very costly, so use what is there */
-\& setup_dh_parameters_like_above();
-\& }
-\& return(dh_tmp);
+\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
+\& /* Error. */
\& }
+\& SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+\& ...
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"