OpenSSLCertificateOptions doesn’t support DHE
Reported by: Hynek Schlawack; Owned by: Hynek Schlawack
Our TLS currently supports only RSA for key exchange. For perfect forward secrecy we need DHE (and later ECDH, but baby steps).
pyOpenSSL supports the necessary APIs; basically all one needs is:
- a temporary DH file (can be created using openssl dhparam -rand - 1024 >tmp_dh_file)
I’ve got a PoC working. I would tackle this as soon as #6663 is resolved since it doesn’t make much sense without.
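Added example, not part of the ticket or of Twisted's code: a check that splits a cipher list into suites with forward-secret key exchange (DHE/ECDHE) and suites without it (plain RSA), using the standard-library ssl module rather than pyOpenSSL. The function names and the sample entries are assumptions made for illustration.

```python
import re
import ssl

# Kx= tokens OpenSSL prints for ephemeral key exchange. "any" is what
# TLS 1.3 suites report; TLS 1.3 always uses (EC)DHE. Anything else,
# including PSK variants, is reported as not forward secret (conservative).
FORWARD_SECRET_KX = {"DH", "ECDH", "any"}


def key_exchange(cipher):
    """Return the Kx= token from one SSLContext.get_ciphers() entry."""
    match = re.search(r"\bKx=(\S+)", cipher["description"])
    return match.group(1) if match else "unknown"


def split_by_forward_secrecy(ciphers):
    """Partition entries into (forward_secret, not_forward_secret) names."""
    fs, non_fs = [], []
    for cipher in ciphers:
        target = fs if key_exchange(cipher) in FORWARD_SECRET_KX else non_fs
        target.append(cipher["name"])
    return fs, non_fs


def audit_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string with the local library and audit it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return split_by_forward_secrecy(ctx.get_ciphers())


# Constructed sample entries, shaped like get_ciphers() output.
SAMPLE = [
    {"name": "AES128-SHA",
     "description": "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"},
    {"name": "DHE-RSA-AES128-GCM-SHA256",
     "description": "DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA "
                    "Enc=AESGCM(128) Mac=AEAD"},
    # Static DH as older OpenSSL builds print it: not ephemeral.
    {"name": "DH-RSA-AES128-SHA",
     "description": "DH-RSA-AES128-SHA SSLv3 Kx=DH/RSA Au=DH Enc=AES(128) Mac=SHA1"},
]

if __name__ == "__main__":
    fs, non_fs = audit_cipher_string("DEFAULT")
    print("forward secret:", len(fs), "not forward secret:", non_fs)
```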