Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use FFDHE 4096 group from RFC 7919 instead of "openssl dhparam" #1270

Closed
hardfalcon opened this issue Aug 26, 2024 · 0 comments
Closed

Use FFDHE 4096 group from RFC 7919 instead of "openssl dhparam" #1270

hardfalcon opened this issue Aug 26, 2024 · 0 comments
Assignees
@d00p
Milestone
2.2.x

Comments

@hardfalcon
Copy link

There are several instances where Froxlor 2.2.0 runs or advises the user to run openssl dhparam to generate a DH group when configuring TLS.

It is generally preferable to not use any custom-generated DH groups at all, and to simply use one of the FFDHE groups from RFC7919 instead:

https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups

Instances of openssl dhparam that I've found:
@d00p d00p self-assigned this Aug 26, 2024
@d00p d00p added this to the 2.2.x milestone Aug 26, 2024
@d00p d00p closed this as completed in 197eb79 Aug 29, 2024
d00p added a commit that referenced this issue Aug 29, 2024
@d00p
dont generate dhparam file as fallback but use defined FFDHE4096 group;
57206b2 
fixes #1270

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@d00p d00p

Labels
None yet
Projects
2.2
Status: Done
Milestone
2.2.x
Development

No branches or pull requests
2 participants
@d00p @hardfalcon