Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3624

Make DH params file regenerate every $tperiod

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • sometime
    • SSL
    • None

    Description

      Longjam has landed, and we now know that DH below a certain threshold is vulnerable (to a nation-state adversary). https://weakdh.org/

      while ats offers to configure dhparams through a file, it would be nice if, like dovecot, we offered a way to aut-regenerate dhparams, every $tperiod.

      see http://wiki2.dovecot.org/SSL/DovecotConfiguration#SSL_security_settings

      http://hg.dovecot.org/dovecot-2.2/file/45013c8cf69c/src/lib-ssl-iostream/iostream-openssl-params.c

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. TS-3711 Allow DHE ciphers in the ciphersuite list to be negotiable

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. TS-3136 Change default TLS cipher suites

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              i.galic Igor Galić
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: