Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3711

Allow DHE ciphers in the ciphersuite list to be negotiable

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 6.0.0
    • SSL
    • None

    Description

      As it stands, adding a DHE- cipher to the cipher suite list is not sufficient to allow a DHE protocol to be negotiated. One must also add a dhparams file.

      We should re-introduce the logic to automatically create DHParams if none is specified. We currently have logic in the that could create a fixed 2048 bit DHParams, but it is not currently enabled. The disabling was tracked in TS-3437.

      Now that we are at a major release, we should reactivate this logic, since it seems odd and not user-friendly to have a two step process for activating DHE- ciphers (unlike any other cipher family).

      Attachments

        Issue Links

          Activity

            People

              shinrich Susan Hinrichs
              shinrich Susan Hinrichs
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: