tls: use default OpenSSL built-in DH parameters

Type: improvement

Motivation for this addition is to add support for cipher suites
that use Diffie-Hellman Ephemeral (DHE) for key exchange.

Using ephemeral DH key exchange yields forward secrecy as the
connection can only be decrypted when the DH key is known.
Configure OpenSSL to use the default built-in DH parameters for the
SSL_CTX object.

Change-Id: I31aadad047a6394ddf8bfa08471c239e0d1cd63c
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Ofer Heifetz
2021-07-25 19:37:46 +03:00
committed by Florin Coras
parent 1b6b09bb51
commit 18599c5861


@ -749,6 +749,14 @@ openssl_start_listen (tls_ctx_t * lctx)
return -1;
}
/* use the default OpenSSL built-in DH parameters */
rv = SSL_CTX_set_dh_auto (ssl_ctx, 1);
if (rv != 1)
{
TLS_DBG (1, "Couldn't set temp DH parameters");
return -1;
}
/*
* Set the key and cert
*/
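Review bot: the debug string in the `if (rv != 1)` branch, "Couldn't set temp DH parameters", does not describe what failed; `SSL_CTX_set_dh_auto (ssl_ctx, 1)` does not install temporary parameters, it enables OpenSSL's automatic selection of its built-in DH groups (sized from the server certificate key), so a message such as "Couldn't enable automatic DH parameter selection" would point an operator at the right call when the listener fails to start. Two caveats worth a comment next to the new call: it only affects DHE cipher suites in TLS 1.2 and earlier (TLS 1.3 negotiates finite-field groups through supported_groups, not through this setting), so the server's cipher list must actually include DHE suites for this to have any effect; and `SSL_CTX_set_dh_auto` is a macro over `SSL_CTX_ctrl` added in the OpenSSL 1.1 series, so if the tls plugin still builds against older OpenSSL the call needs a version guard or the build breaks.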