Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 1b6b09b) | patch
tls: use default OpenSSL built-in DH parameters 14/33514/2
authorOfer Heifetz <oferh@marvell.com>
Sun, 25 Jul 2021 16:37:46 +0000 (19:37 +0300)
committerFlorin Coras <florin.coras@gmail.com>
Mon, 30 Aug 2021 14:05:05 +0000 (14:05 +0000)
commit18599c5861d96723359997f2c70fc28fcac0e984
tree2cbbc9e5c25ec3ad1165e6a4d00b08cd381d5976tree | snapshot
parent1b6b09bb514831050b23397c078933c2ace3ff36commit | diff
tls: use default OpenSSL built-in DH parameters

Type: improvement

Motivation for this addition is to add support for cipher suites
that use Diffie-Hellman Ephemeral (DHE) for key exchange.

Using ephemeral DH key exchange yields forward secrecy as the
connection can only be decrypted when the DH key is known.
Configure OpenSSL to use the default built-in DH parameters for the
SSL_CTX object.

Change-Id: I31aadad047a6394ddf8bfa08471c239e0d1cd63c
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
src/plugins/tlsopenssl/tls_openssl.c diff | blob | history
Vector Packet Processing