  Branch: refs/heads/master
  Home:   https://github.com/xrootd/xrootd
  Commit: d080e15b7b5d49fcbc08ee4800de7d6e4e5ace12
      https://github.com/xrootd/xrootd/commit/d080e15b7b5d49fcbc08ee4800de7d6e4e5ace12
  Author: Brian Bockelman <[log in to unmask]>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M src/XrdCrypto/XrdCryptosslCipher.cc
    M src/XrdCrypto/XrdCryptosslCipher.hh

  Log Message:
  -----------
  Switch to a fixed set of DH parameters compatible with older OpenSSL.

OpenSSL 3 started generating DH parameters that are not considered
valid by `DH_check` for older OpenSSL 1.0.2.

Since we can't change clients in the wild, I generated a set of DH
params (`openssl dhparam 2048`) on an older OpenSSL 1.0.2 which appears
to be considered acceptable by both versions of OpenSSL.

This fixes the set of DH parameters (instead of generating them each time),
which is fairly typical, and also increases the size from 512 (insecure)
to 2048.

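A fixed parameter set like the one described in the log message can be audited offline before it is compiled in. The following is an added example, not xrootd code and not a reimplementation of OpenSSL's `DH_check`: it parses a PKCS#3 `DH PARAMETERS` PEM block and reports only modulus size, safe-primality and generator range. The names `parse_dh_pem` and `audit` are hypothetical, and `TOY_PEM` is a constructed 5-bit sample.

```python
import base64, random, re

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_dh_pem(pem):
    """Return (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    m = re.search(r"BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    tag, seq, _ = _tlv(base64.b64decode(m.group(1)), 0)
    t1, p_raw, pos = _tlv(seq, 0)
    t2, g_raw, _ = _tlv(seq, pos)
    if (tag, t1, t2) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    small = (2, 3, 5, 7, 11, 13)
    if n < 17 or any(n % q == 0 for q in small):
        return n in small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):  # True when base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all(
            (x := pow(x, 2, n)) != n - 1 for _ in range(s - 1))
    return not any(witness(random.randrange(2, n - 1)) for _ in range(rounds))

def audit(p, g, min_bits=2048):
    """Return a list of findings; an empty list means these checks passed."""
    findings = []
    if p.bit_length() < min_bits:
        findings.append(f"modulus is {p.bit_length()} bits, below {min_bits}")
    if not is_probable_prime(p):
        findings.append("p is not prime")
    elif not is_probable_prime((p - 1) // 2):
        findings.append("p is not a safe prime: (p-1)/2 is composite")
    if not 1 < g < p - 1:
        findings.append("generator out of range")
    return findings

TOY_PEM = "-----BEGIN DH PARAMETERS-----\nMAYCARcCAQI=\n-----END DH PARAMETERS-----\n"  # constructed: p=23, g=2
```

Feeding the output of `openssl dhparam 2048` to `audit(*parse_dh_pem(text))` should return an empty list; passing these checks does not by itself establish that a given OpenSSL version's `DH_check` accepts the parameters.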