Some explanation about the issue: In TLS's algo <https://en.wikipedia.org/wiki/Transport_Layer_Security#Algorithm>, there is an initial "key exchange" part before the parties can communicate. When doing this, there is an optional security feature called "forward secrecy <https://en.wikipedia.org/wiki/Transport_Layer_Security#Forward_secrecy>". If we want forward secrecy, we need to add Diffie-Hellman parameters to our certificates. Recently, the minimum required bit length of DH params was increased due to newly discovered vulnerabilities.
The current cipher suite picked by our specification uses forward secrecy. OpenSSL used to let is succeed anyway without the DH params, but now it insists that the (non-existent) key satisfy the minimum prerequisite length. Unfortunately, generating DH params takes a non trivial amount of time. If we generate the params every-time we create a certificate, distcheck <https://ganeti-buildbot.corp.google.com/ganeti/builders/tests-jessie64-ghc710/builds/44> takes 2 hours. Hence, we are changing our cipher string to point to a suite that does not have forward secrecy. On Thursday, September 24, 2015 at 1:56:46 PM UTC+2, Aditya Bhimanavajjula wrote: > > OpenSSL requires that we include atleast a 1024 bit > DH key in our certs if we use DH during key exchange. > > Hence, always use RSA at key exchange. > This fixes issue 1104. > > Signed-off-by: BSRK Aditya > --- > src/Ganeti/Constants.hs | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/Ganeti/Constants.hs b/src/Ganeti/Constants.hs > index 7d04720..48f0df2 100644 > --- a/src/Ganeti/Constants.hs > +++ b/src/Ganeti/Constants.hs > @@ -562,7 +562,7 @@ rsaKeyBits = 2048 > -- after it's been removed. Use the "openssl" utility to check the > -- allowed ciphers, e.g. "openssl ciphers -v HIGH:-DES". > opensslCiphers :: String > -opensslCiphers = "HIGH:-DES:-3DES:-EXPORT:-ADH" > +opensslCiphers = "kRSA:-MEDIUM:-LOW:-DES:-3DES:-EXPORT" > > -- * X509 > > -- > 2.6.0.rc2.230.g3dd15c0 > >
