https://issues.apache.org/bugzilla/show_bug.cgi?id=57566
Bug ID: 57566
Summary: The standardized DH parameters applied based on the
certificate's RSA/DSA key size are not correct when
using both RSA and ECC certificates
Product: Apache httpd-2
Version: 2.4.10
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Apache-2.4.7 added the feature: the DH standardized parameters are applied
based on the certificate's RSA/DSA key size.
The DH parameters for something like TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
applied based on the certificate's RSA/DSA key size, are 2048-bit if I use only a
2048-bit RSA certificate.
But the DH parameters applied based on the certificate's RSA/DSA key size are
1024-bit if I use both a 2048-bit RSA certificate and a 256-bit ECC certificate
AND use "SSLCertificateFile ecc.crt" AFTER "SSLCertificateFile rsa.crt" in the
config file.
I think it should ignore the ECC certificate's key size and generate a DH
parameter whose length is the same as that of the RSA certificate.
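A way to check a server for the mismatch described in this report, as an added example that is not part of the bug report or of Apache httpd: it compares the ephemeral DH size with the certificate key size in `openssl s_client` output. It assumes the `Server Temp Key:` and `Server public key is` lines printed by OpenSSL 1.0.2 and later; the two sample outputs are constructed from the sizes given in the report, and `example.test` is a placeholder host.

```shell
#!/bin/sh
# Added example, not code from the bug report or from mod_ssl.
# Reads `openssl s_client` output on stdin and compares the ephemeral DH
# size with the server certificate's key size.
# Exit status: 0 = DH at least as large as the certificate key
#              1 = DH smaller than the certificate key (the reported case)
#              2 = no finite-field DH temp key or no key size in the input
check_dhe_strength() {
    awk '
        # e.g. "Server Temp Key: DH, 1024 bits" (ECDH/X25519 lines do not match)
        /^Server Temp Key: DH,/ { dh = $5 + 0 }
        # e.g. "Server public key is 2048 bit"
        /^Server public key is/ { cert = $5 + 0 }
        END {
            if (!dh || !cert) {
                print "UNKNOWN: DH temp key or certificate key size not found"
                exit 2
            }
            if (dh < cert) {
                printf "WEAK: DH %d bits < certificate key %d bits\n", dh, cert
                exit 1
            }
            printf "OK: DH %d bits >= certificate key %d bits\n", dh, cert
        }'
}

# Constructed sample: only the 2048-bit RSA certificate is configured.
SAMPLE_RSA_ONLY='Server Temp Key: DH, 2048 bits
Server public key is 2048 bit
    Cipher    : DHE-RSA-AES256-GCM-SHA384'

# Constructed sample: ecc.crt is configured after rsa.crt, as in the report.
SAMPLE_RSA_PLUS_ECC='Server Temp Key: DH, 1024 bits
Server public key is 2048 bit
    Cipher    : DHE-RSA-AES256-GCM-SHA384'

# Against a live server (forces the DHE-RSA suite named in the report):
#   openssl s_client -connect example.test:443 -tls1_2 \
#       -cipher DHE-RSA-AES256-GCM-SHA384 </dev/null 2>/dev/null \
#       | check_dhe_strength
printf '%s\n' "$SAMPLE_RSA_ONLY"     | check_dhe_strength || true
printf '%s\n' "$SAMPLE_RSA_PLUS_ECC" | check_dhe_strength || true
```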