Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 52f2ff5b935636d7977182a5c2cad23848aa10d9
commit52f2ff5b935636d7977182a5c2cad23848aa10d9[log] [tgz]
authorIlya Shipitsin <chipitsine@gmail.com>Sat Jul 23 23:55:19 2022 +0500
committerWilly Tarreau <w@1wt.eu>Sat Aug 06 17:45:40 2022 +0200
tree66dfa092f124959335d92bc757188436b1bfb697
parent3b64a28e156026526be0ca540c5950569f80a477 [diff]
BUG/MEDIUM: fix DH length when EC key is used

dh of length 1024 were chosen for EVP_PKEY_EC key type.
let us pick "default_dh_param" instead.

issue was found on Ubuntu 22.04 which is shipped with OpenSSL configured
with SECLEVEL=2 by default. such SECLEVEL value prohibits DH shorter than
2048:

OpenSSL error[0xa00018a] SSL_CTX_set0_tmp_dh_pkey: dh key too small

better strategy for chosing DH still may be considered though.
1 file changed
tree: 66dfa092f124959335d92bc757188436b1bfb697
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. CHANGELOG
  19. CONTRIBUTING
  20. INSTALL
  21. LICENSE
  22. MAINTAINERS
  23. Makefile
  24. README
  25. SUBVERS
  26. VERDATE
  27. VERSION