On Sat, Jun 21, 2014 at 09:24:05AM +0200, Kaspar Brand wrote:
> On 19.06.2014 23:17, Joe Orton wrote:
> > I was reminded that there was a request to use the larger key sizes as
> > well.
>
> Using ephemeral DH keys with sizes > 4096 bits in TLS seems way overkill
> for the next decade or so (3072 bits are already considered to have a
> 128-bit symmetric-key strength), but if it makes people happy to use
> unreasonably large keys, then so be it... the docs for
> SSLCertificateFile should also be updated in this case.
Thanks to you & Rüdiger for review! r1605827 & r1605829
> > +/* Storage and initialization for DH parameters. */
> > +static struct dhparam {
> > + BIGNUM *(*const prime)(BIGNUM *); /* function to generate... */
> > + DH *dh; /* ...this, used for keys.... */
> > + const unsigned int min; /* ...of length >= this. */
> > +} dhparams[] = {
> > + { get_rfc3526_prime_8192, NULL, 6145 },
> > + { get_rfc3526_prime_6144, NULL, 4097 },
> > + { get_rfc3526_prime_4096, NULL, 3073 },
> > + { get_rfc3526_prime_3072, NULL, 2049 },
> > + { get_rfc3526_prime_2048, NULL, 1025 },
> > + { get_rfc2409_prime_1024, NULL, 0 }
> > +};
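Review bot: nothing in the struct comment or the initializer says that dhparams[] must stay sorted by decreasing `min` with the `0` entry last, yet any first-match walk over the table (the selection loop is not in this hunk) silently depends on exactly that; a one-line comment above the array, e.g. `/* Sorted by decreasing min; the final min == 0 entry is the fallback. */`, would stop a later insertion from breaking the lookup without a compile error. The three field comments ("function to generate...", "...this, used for keys....", "...of length >= this.") are one sentence spread across three fields and read awkwardly; one self-contained comment per field is clearer. Since `dh` is the only non-const field and starts as NULL, it is also worth stating where it is filled in from `prime()` and whether that happens once at startup or lazily on first use, because the answer decides whether the table needs locking. Note that, as initialized, a certificate key of 1024 bits or less gets the 1024-bit RFC 2409 group and a 2048-bit key gets exactly the 2048-bit group.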
>
> Perhaps the "min" values could be increased somewhat -
> 7168/5120/3584/2560/1536 (i.e. "half way" between two steps)?
I've a mild preference for keeping to the 1K multiples, since half way
is kind of arbitrary... if you or anybody else feels strongly about this
I'm happy to adjust.
Regards, Joe
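The following is an added example, not part of the thread or of mod_ssl: it mirrors the dhparams[] table from the quoted patch as plain Python and puts the two threshold proposals side by side, the 1K-multiple "min" values from the patch and the "half way" values Kaspar suggested. It assumes the table is consumed by a first-match walk from the largest group down (the actual selection code is not shown in the thread), so the DH group chosen for a certificate key is the first entry whose "min" the key length reaches.

```python
"""
Added example (not httpd code): compare the two dhparams[] threshold schemes
discussed on httpd-dev for picking an ephemeral DH group size from the
server certificate's key length.
"""

# (dh_group_bits, min_cert_key_bits), in the same descending order as the C
# array; the final entry's min of 0 is the catch-all. Values taken from the
# patch as quoted in the thread.
JOE_TABLE = [
    (8192, 6145), (6144, 4097), (4096, 3073),
    (3072, 2049), (2048, 1025), (1024, 0),
]

# Kaspar's "half way" alternative, same groups, different minimums.
KASPAR_TABLE = [
    (8192, 7168), (6144, 5120), (4096, 3584),
    (3072, 2560), (2048, 1536), (1024, 0),
]


def table_is_well_formed(table):
    """A first-match walk only works if the minimums strictly decrease and
    the last entry is the catch-all with min == 0."""
    mins = [m for _, m in table]
    return all(a > b for a, b in zip(mins, mins[1:])) and mins[-1] == 0


def pick_dh_bits(key_bits, table):
    """Return the DH group size for a certificate key of key_bits bits:
    the first (largest) entry whose minimum the key length reaches.
    Assumed to match how mod_ssl walks the table; not taken from its code."""
    if key_bits <= 0:
        raise ValueError("key length must be positive")
    if not table_is_well_formed(table):
        raise ValueError("table must be sorted by decreasing min and end at 0")
    for dh_bits, min_bits in table:
        if key_bits >= min_bits:
            return dh_bits
    raise AssertionError("unreachable: catch-all entry guarantees a match")


def disagreement_ranges(table_a, table_b, lo=512, hi=8192):
    """Key lengths in [lo, hi] where the two tables choose different groups,
    compressed into (first_key_bits, last_key_bits, group_a, group_b) runs."""
    runs = []
    for k in range(lo, hi + 1):
        pair = (pick_dh_bits(k, table_a), pick_dh_bits(k, table_b))
        if pair[0] == pair[1]:
            continue
        if runs and runs[-1][1] == k - 1 and runs[-1][2:] == pair:
            runs[-1] = (runs[-1][0], k) + pair
        else:
            runs.append((k, k) + pair)
    return runs


if __name__ == "__main__":
    for key in (1024, 1280, 2048, 2560, 3072, 4096):
        print(f"{key}-bit key: 1K-multiple -> {pick_dh_bits(key, JOE_TABLE)} bits, "
              f"half-way -> {pick_dh_bits(key, KASPAR_TABLE)} bits")
    print("key ranges where the two schemes differ:")
    for first, last, a, b in disagreement_ranges(JOE_TABLE, KASPAR_TABLE):
        print(f"  {first}-{last}: {a} vs {b}")
```

Run as a script, the disagreement list shows the practical difference between the two proposals: with the 1K-multiple minimums the selected group is never smaller than the certificate key (up to the 8192-bit ceiling), while the half-way minimums round to the nearest group, so a key between 1025 and 1535 bits, for instance, would get the 1024-bit RFC 2409 group under the half-way scheme and the 2048-bit group under the patch as quoted.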