![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 6 years ago
Closed 6 years ago
#2112 closed defect (fixed)
Initialization of ephemeral ECDH (EECDH) when accepting TLS session works incorrectly when linked with OpenSSL 1.1.0x
| Reported by: | riza | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.8 |
| Component: | pjlib | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
In OpenSSL 1.1.0 the ephemeral
ECDH is already initialized in automatic mode, so there is really no need to
do anything explicit about it.
=== begin citation ===
*) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
always enabled now. If you want to disable the support you should
exclude it using the list of supported ciphers. This also means that
the
"-no_ecdhe" option has been removed from s_server.
https://www.openssl.org/news/changelog.html#x10
=== end citation ===
The code in ssl_sock_ossl.c falls to branch initializing only prime256v1
(aka secp256r1) elliptic curve in the context, after the call
SSL_CTX_ctrl(ctx,94,1,NULL) is unsuccessful with OpenSSL 1.1.0x. When using
server certificate with EC key based on any other curve, the listener fails
TLS negotiation with misleading alert "no shared cipher", because the
context's curve set applies to both EECDH and ECDSA. (Certificates with RSA
keys work well.) Also, the EECDH itself is limited to use the only (from
today's perspective the weakest acceptable) curve for key negotiation.
Thanks to Tzafrir Cohen for the patch.
Change History (2)
comment:1 Changed 6 years ago by riza
- Component changed from applications to pjlib
- Milestone set to release-2.8
comment:2 Changed 6 years ago by riza
- Resolution set to fixed
- Status changed from new to closed
In 5787: