git.openssl.org Git - openssl.git/commit

author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 22 Jan 2014 16:22:48 +0000 (16:22 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 28 Mar 2014 14:49:04 +0000 (14:49 +0000)
commit	09599b52d4e295c380512ba39958a11994d63401
tree	a2bbccfe21abc225b7010c37638d5e0416778e3d	tree \| snapshot
parent	2514fa79acba998c2a8d4e5a8288a5b3ae990377	commit \| diff

Auto DH support.

Add auto DH parameter support. This is roughly equivalent to the
ECDH auto curve selection but for DH. An application can just call

SSL_CTX_set_auto_dh(ctx, 1);

and appropriate DH parameters will be used based on the size of the
server key.

Unlike ECDH there is no way a peer can indicate the range of DH parameters
it supports. Some peers cannot handle DH keys larger that 1024 bits for
example. In this case if you call:

SSL_CTX_set_auto_dh(ctx, 2);

Only 1024 bit DH parameters will be used.

If the server key is 7680 bits or more in size then 8192 bit DH parameters
will be used: these will be *very* slow.

The old export ciphersuites aren't supported but those are very
insecure anyway.

apps/s_server.c		diff \| blob \| history
ssl/s3_lib.c		diff \| blob \| history
ssl/s3_srvr.c		diff \| blob \| history
ssl/ssl.h		diff \| blob \| history
ssl/ssl_cert.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history