
Re: (ITS#7595) OpenLDAP lacks a ECDHE key generation callback

crest@tzi.de wrote:
> Full_Name: Jan Bramkamp
> Version: 2.4.35
> OS: FreeBSD 9.1
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> OpenLDAP supports PFS TLS cipher suites using DHE with the
> DH *tlso_tmp_dh_cb(SSL*,int,int) callback in libraries/libldap/tls_o.c.
> DHE-RSA/DSS cipher suites are very CPU intensive and noticeably increase latency
> on low-power hardware. While OpenLDAP supports ECDH-ECDSA cipher suites these
> lack the PFS offered by DHE-RSA/DSS cipher suites.
> From my initial search it looks like the correct API to register such a callback
> would be SSL_CTX_set_tmp_ecdh_callback(), but I'm not familiar with the OpenLDAP code
> base, so patching it myself could have unintended consequences.
> This is how the CA was generated:
>      CURVE=secp384r1
>      openssl ecparam -out private/ca-key.pem -name $CURVE -genkey &&
>      openssl req -new -x509 -days 365 -key private/ca-key.pem -out certs/ca-cert.pem
>      openssl ecparam -out private/auth1-key.pem -name $CURVE -genkey &&
>      openssl req -new -key private/auth1-key.pem -out newcerts/auth1-csr.pem &&
>      openssl ca -config /usr/local/openssl/openssl.cnf -out certs/auth1-cert.pem -infiles newcerts/auth1-csr.pem
> The (EC)DH parameter file was generated with:
>      openssl ecparam -name $CURVE
> This was tested with slapd linked against OpenSSL 1.0.1e from ports on FreeBSD
> 9.1/amd64.

It seems that current events have focused more attention on Perfect Forward 
Secrecy, now that news about NSA eavesdropping is everywhere. It's worth 
noting Bruce Schneier's recommendation to avoid Elliptic Curve algorithms, 
since their design has been heavily influenced by the NSA.


(Section 5.)

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
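
The report above turns on which key exchange a cipher suite uses: DHE suites give forward secrecy, while static ECDH-ECDSA suites do not. The following is an added example, not part of the original thread or of OpenLDAP, that audits a cipher list for suites lacking an authenticated ephemeral key exchange. It assumes OpenSSL-style suite names, and the function names and sample list are constructed for illustration.

```python
# Added example: classify OpenSSL-style cipher suite names by key exchange.
EPHEMERAL = {"ECDHE": "ECDHE", "EECDH": "ECDHE", "DHE": "DHE", "EDH": "DHE"}
STATIC = {"ECDH": "ECDH (static)", "DH": "DH (static)", "PSK": "PSK", "SRP": "SRP"}
ANON = {"ADH", "AECDH"}  # ephemeral keys, but the server is not authenticated


def key_exchange(suite):
    """Return the key-exchange family named by an OpenSSL cipher suite string."""
    name = suite.strip().upper()
    if "_WITH_" in name:
        raise ValueError("IANA-style name; expected an OpenSSL-style name")
    if name.startswith("TLS_"):
        # TLS 1.3 names carry no key exchange; the protocol is always ephemeral.
        return "TLS1.3"
    if name.startswith("EXP-"):
        name = name[4:]  # the export-grade prefix precedes the key exchange
    first = name.split("-", 1)[0]
    if first in EPHEMERAL:
        return EPHEMERAL[first]
    if first in ANON:
        return "anonymous"
    if first in STATIC:
        return STATIC[first]
    # No key-exchange prefix (AES256-SHA, RC4-MD5, ...): RSA key transport.
    return "RSA"


def flagged_suites(suites):
    """Map each suite without authenticated ephemeral key exchange to its family."""
    ok = {"ECDHE", "DHE", "TLS1.3"}
    return {s: kx for s in suites if (kx := key_exchange(s)) not in ok}


# Constructed sample, in the colon-separated form `openssl ciphers` prints.
SAMPLE = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-SHA:"
          "DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:AECDH-AES128-SHA")

if __name__ == "__main__":
    for suite, kx in flagged_suites(SAMPLE.split(":")).items():
        print(f"{suite}: {kx} key exchange")
```
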