Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6554:1aa9650a8154
SSL: removed default DH parameters.
Using the same DH parameters on multiple servers is believed to be subject
to precomputation attacks, see http://weakdh.org/. Additionally, 1024 bits
are not enough in the modern world as well. Let users provide their own
DH parameters with the ssl_dhparam directive if they want to use EDH ciphers.
Note that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed
DH parameters from RFC 5114 and RFC 3526, and therefore subject to the same
precomputation attacks. We avoid using it as well.
This change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2),
as OpenSSL developers changed their policy after releasing Beta 1 and
broke API once again by making the DH struct opaque (see ticket #860).
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 19 May 2016 14:46:32 +0300 |
| parents | 2014ed60f17f |
| children | 04d8d1f85649 |
comparison
equal
deleted
inserted
replaced
| 6553:2014ed60f17f | 6554:1aa9650a8154 |
|---|---|
| 979 ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) | 979 ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) |
| 980 { | 980 { |
| 981 DH *dh; | 981 DH *dh; |
| 982 BIO *bio; | 982 BIO *bio; |
| 983 | 983 |
| 984 /* | |
| 985 * -----BEGIN DH PARAMETERS----- | |
| 986 * MIGHAoGBALu8LcrYRnSQfEP89YDpz9vZWKP1aLQtSwju1OsPs1BMbAMCducQgAxc | |
| 987 * y7qokiYUxb7spWWl/fHSh6K8BJvmd4Bg6RqSp1fjBI9osHb302zI8pul34HcLKcl | |
| 988 * 7OZicMyaUDXYzs7vnqAnSmOrHlj6/UmI0PZdFGdX2gcd8EXP4WubAgEC | |
| 989 * -----END DH PARAMETERS----- | |
| 990 */ | |
| 991 | |
| 992 static unsigned char dh1024_p[] = { | |
| 993 0xBB, 0xBC, 0x2D, 0xCA, 0xD8, 0x46, 0x74, 0x90, 0x7C, 0x43, 0xFC, 0xF5, | |
| 994 0x80, 0xE9, 0xCF, 0xDB, 0xD9, 0x58, 0xA3, 0xF5, 0x68, 0xB4, 0x2D, 0x4B, | |
| 995 0x08, 0xEE, 0xD4, 0xEB, 0x0F, 0xB3, 0x50, 0x4C, 0x6C, 0x03, 0x02, 0x76, | |
| 996 0xE7, 0x10, 0x80, 0x0C, 0x5C, 0xCB, 0xBA, 0xA8, 0x92, 0x26, 0x14, 0xC5, | |
| 997 0xBE, 0xEC, 0xA5, 0x65, 0xA5, 0xFD, 0xF1, 0xD2, 0x87, 0xA2, 0xBC, 0x04, | |
| 998 0x9B, 0xE6, 0x77, 0x80, 0x60, 0xE9, 0x1A, 0x92, 0xA7, 0x57, 0xE3, 0x04, | |
| 999 0x8F, 0x68, 0xB0, 0x76, 0xF7, 0xD3, 0x6C, 0xC8, 0xF2, 0x9B, 0xA5, 0xDF, | |
| 1000 0x81, 0xDC, 0x2C, 0xA7, 0x25, 0xEC, 0xE6, 0x62, 0x70, 0xCC, 0x9A, 0x50, | |
| 1001 0x35, 0xD8, 0xCE, 0xCE, 0xEF, 0x9E, 0xA0, 0x27, 0x4A, 0x63, 0xAB, 0x1E, | |
| 1002 0x58, 0xFA, 0xFD, 0x49, 0x88, 0xD0, 0xF6, 0x5D, 0x14, 0x67, 0x57, 0xDA, | |
| 1003 0x07, 0x1D, 0xF0, 0x45, 0xCF, 0xE1, 0x6B, 0x9B | |
| 1004 }; | |
| 1005 | |
| 1006 static unsigned char dh1024_g[] = { 0x02 }; | |
| 1007 | |
| 1008 | |
| 1009 if (file->len == 0) { | 984 if (file->len == 0) { |
| 1010 | |
| 1011 dh = DH_new(); | |
| 1012 if (dh == NULL) { | |
| 1013 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "DH_new() failed"); | |
| 1014 return NGX_ERROR; | |
| 1015 } | |
| 1016 | |
| 1017 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); | |
| 1018 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); | |
| 1019 | |
| 1020 if (dh->p == NULL || dh->g == NULL) { | |
| 1021 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed"); | |
| 1022 DH_free(dh); | |
| 1023 return NGX_ERROR; | |
| 1024 } | |
| 1025 | |
| 1026 SSL_CTX_set_tmp_dh(ssl->ctx, dh); | |
| 1027 | |
| 1028 DH_free(dh); | |
| 1029 | |
| 1030 return NGX_OK; | 985 return NGX_OK; |
| 1031 } | 986 } |
| 1032 | 987 |
| 1033 if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) { | 988 if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) { |
| 1034 return NGX_ERROR; | 989 return NGX_ERROR; |