MEDIUM: ssl: increase default-dh-param to 2048

For 6 years now we've been seeing a warning suggesting to set dh-param beyond 1024 if possible when it was not set. It's about time to do it and get rid of this warning since most users seem to already use 2048. It will remain possible to set a lower value of course, so only those who were experiencing the warning and were relying on the default value may notice a change (higher CPU usage). For more context, please refer to this thread : https://www.mail-archive.com/haproxy@formilux.org/msg37226.html This commit removes a big chunk of code which happened to be needed exclusively to figure if it was required to emit a warning or not :-)
2025-09-21 13:51:26 +02:00 · 2020-05-08 09:31:18 +02:00 · 2020-05-08 09:31:18 +02:00 · 3ba77d29ac
commit 3ba77d29ac
parent 49fecd9f47
2 changed files with 3 additions and 41 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -2125,7 +2125,7 @@ tune.ssl.default-dh-param <number>
  the ephemeral/temporary Diffie-Hellman key in case of DHE key exchange. The
  final size will try to match the size of the server's RSA (or DSA) key (e.g,
  a 2048 bits temporary DH key for a 2048 bits RSA key), but will not exceed
-  this maximum value. Default value if 1024. Only 1024 or higher values are
+  this maximum value. Default value if 2048. Only 1024 or higher values are
  allowed. Higher values will increase the CPU load, and values greater than
  1024 bits are not supported by Java 7 and earlier clients. This value is not
  used if static Diffie-Hellman parameters are supplied either directly
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -5615,46 +5615,8 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
 	    global_dh == NULL &&
 	    (ssl_dh_ptr_index == -1 ||
 	     SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
-		STACK_OF(SSL_CIPHER) * ciphers = NULL;
-		const SSL_CIPHER * cipher = NULL;
-		char cipher_description[128];
-		/* The description of ciphers using an Ephemeral Diffie Hellman key exchange
-		   contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
-		   which is not ephemeral DH. */
-		const char dhe_description[] = " Kx=DH ";
-		const char dhe_export_description[] = " Kx=DH(";
-		int idx = 0;
-		int dhe_found = 0;
-		SSL *ssl = NULL;
-
-		ssl = SSL_new(ctx);
-
-		if (ssl) {
-			ciphers = SSL_get_ciphers(ssl);
-
-			if (ciphers) {
-				for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
-					cipher = sk_SSL_CIPHER_value(ciphers, idx);
-					if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
-						if (strstr(cipher_description, dhe_description) != NULL ||
-						    strstr(cipher_description, dhe_export_description) != NULL) {
-							dhe_found = 1;
-							break;
-						}
-					}
-				}
-			}
-			SSL_free(ssl);
-			ssl = NULL;
-		}
-
-		if (dhe_found) {
-			memprintf(err, "%sSetting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n",
-			          err && *err ? *err : "");
-			cfgerr |= ERR_WARN;
-		}
-
-		global_ssl.default_dh_param = 1024;
+		/* default to dh-param 2048 */
+		global_ssl.default_dh_param = 2048;
 	}

 	if (global_ssl.default_dh_param >= 1024) {