On 19.06.2014 23:17, Joe Orton wrote:
> I was reminded that there was a request to use the larger key sizes as
> well.
Using ephemeral DH keys with sizes > 4096 bits in TLS seems way overkill
for the next decade or so (3072 bits are already considered to have a
128-bit symmetric-key strength), but if it makes people happy to use
unreasonably large keys, then so be it... the docs for
SSLCertificateFile should also be updated in this case.
> +/* Storage and initialization for DH parameters. */
> +static struct dhparam {
> + BIGNUM *(*const prime)(BIGNUM *); /* function to generate... */
> + DH *dh; /* ...this, used for keys.... */
> + const unsigned int min; /* ...of length >= this. */
> +} dhparams[] = {
> + { get_rfc3526_prime_8192, NULL, 6145 },
> + { get_rfc3526_prime_6144, NULL, 4097 },
> + { get_rfc3526_prime_4096, NULL, 3073 },
> + { get_rfc3526_prime_3072, NULL, 2049 },
> + { get_rfc3526_prime_2048, NULL, 1025 },
> + { get_rfc2409_prime_1024, NULL, 0 }
> +};
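Review bot: the `dh` member is the only mutable field in this otherwise const-initialised static table and is left NULL in every entry, so the hunk does not show where it is populated; if it is filled lazily on the first handshake rather than once at module init, that write needs to be serialised for threaded MPMs. The struct comment should also state that `min` is the certificate key length in bits that selects the entry, since the values (6145, 4097, 3073, ...) only make sense as "one bit above the next smaller prime", e.g. `const unsigned int min; /* select this entry for cert keys of >= min bits */`.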
Perhaps the "min" values could be increased somewhat -
7168/5120/3584/2560/1536 (i.e. "half way" between two steps)?
Kaspar