Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use the configured DH parameters with all services #143

Merged
merged 1 commit into from
Aug 10, 2019

Conversation

smortex
Copy link
Member

@smortex smortex commented Aug 10, 2019

Only the director used the DH parameters passed to the bacula class. With this change, the storage daemon and file daemons also use these DH parameters, allowing forward secrecy between all components.

https://www.bacula.org/9.4.x-manuals/en/main/Bacula_TLS_Communications_E.html

DH key exchange adds an additional level of security because the key used for encryption/decryption by the server and the client is computed on each end and thus is never passed over the network if Diffie-Hellman key exchange is used.

Only the director used the DH parameters passed to the bacula class.
With this change, the storage daemon and file daemons also use these
DH parameters, allowing forward secrecy.
@zachfi
Copy link
Contributor

zachfi commented Aug 10, 2019

Great, thank you.

@zachfi zachfi merged commit 0057ebf into master Aug 10, 2019
@zachfi zachfi deleted the tls-dh-file-for-all-services branch August 10, 2019 16:53
@smortex smortex added the enhancement New feature or request label Mar 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants