[jira] [Commented] (TS-2417) Add forward secrecy support with DHE (SSL related)

Susan Hinrichs (JIRA) Fri, 31 Oct 2014 11:31:04 -0700

    [ 
https://issues.apache.org/jira/browse/TS-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14192207#comment-14192207
 ]


Susan Hinrichs commented on TS-2417:
------------------------------------

Looks good to me.  

It does always load DH group parameters for each context (either hard-coded 
value or value from the DHParams file).  And marks the context to pick a new DH 
pair for each use.   There is no opt-out.  Not clear that is necessary.  There 
is no opt-out for enabling ECDH either.   

If you really cared, I would guess that you could adjust the cipher list to 
avoid the ciphers that use DH.  

> Add forward secrecy support with DHE (SSL related)
> --------------------------------------------------
>
>                 Key: TS-2417
>                 URL: https://issues.apache.org/jira/browse/TS-2417
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: HTTP, SSL
>            Reporter: Bryan Call
>            Assignee: John Eaglesham
>             Fix For: sometime
>
>         Attachments: ats_dhe-2.patch
>
>
> mod_ssl bug and changes:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49559
> Discussion on httpd-dev list:
> http://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3c52358ed1.2070...@velox.ch%3E



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (TS-2417) Add forward secrecy support with DHE (SSL related)

Reply via email to