[erlang-questions] SSL and hardcoded DH prime

Frank Muller frank.muller.erl@REDACTED
Fri Aug 24 05:11:15 CEST 2018


How? Show us please!!!

> No, I can use the dh option in Erlang and generate the DH prime and
> DH generator in des format. It’s very fast.
>
> On Thu, Aug 23, 2018 at 22:07, Paul Peregud <paulperegud@REDACTED> wrote:
>
>> It's a long-ish process. But you can run it during installation or first
>> run.
>>
>> $ time openssl dhparam -out dhparam.pem 2048
>> ...
>> real    0m3,623s
>> user    0m3,612s
>> sys    0m0,000s
>>
>>
>>
>> On Thu, Aug 23, 2018 at 5:27 PM Alexander Petrovsky <askjuise@REDACTED>
>> wrote:
>>
>>> Yeah, Ingela, thanks! I know about the default value and the dh, dhfile options.
>>> The main question: are there any reasons not to generate the DH prime in real time?
>>>
>>> On Thu, Aug 23, 2018 at 20:12, Ingela Andin <ingela.andin@REDACTED> wrote:
>>>
>>>> Hi!
>>>>
>>>> It is only the default value that is hard coded (a recommended value),
>>>> you may configure your own parameters with the dh or dhfile option.
>>>>
>>>> Regards Ingela
>>>>
>>>> On Thu, Aug 23, 2018 at 16:57, Alexander Petrovsky <
>>>> askjuise@REDACTED> wrote:
>>>>
>>>>> Hello!
>>>>>
>>>>> We have stumbled upon the default DH prime (2048 bits) in Erlang when we
>>>>> try to establish a TLS session with a Cisco SPA303 (VoIP hardphone)
>>>>> via the TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
>>>>> this hardphone can work only with a 1024 bit DH prime.
>>>>>
>>>>> I wonder, why Ingela hardcoded this DH prime -
>>>>> https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
>>>>>
>>>>> In my synthetic tests, new DH prime generation is fast enough
>>>>> (crypto:strong_rand_bytes(256)), about 17 us at the 99th percentile over 1000000
>>>>> iterations.
>>>>>
>>>>> Why has Ingela hardcoded this DH prime, and is there any reason why I
>>>>> shouldn't generate a DH prime in real time?
>>>>>
>>>>> --
>>>>> Петровский Александр / Alexander Petrovsky,
>>>>>
>>>>> Skype: askjuise
>>>>> Phone: +7 931 9877991
>>>>>
>>>>> _______________________________________________
>>>>> erlang-questions mailing list
>>>>> erlang-questions@REDACTED
>>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>>>
>>
>>
>> --
>> Best regards,
>> Paul Peregud
>> +48602112091
>>

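Added example, not part of the thread and not OTP code: one way to load the file written by the openssl dhparam command quoted above, sanity-check it, and pass it to ssl through the dh option mentioned in the thread. The module and function names, the MinBits parameter and the Miller-Rabin base list are assumptions; the fixed-base test only catches accidental non-primes (for instance a modulus built from raw random bytes) and is not a proof of primality.

```erlang
%% Added example; module and function names are hypothetical.
-module(dh_params_example).
-export([load/2, server_opts/4, probably_prime/1]).
-include_lib("public_key/include/public_key.hrl").

%% Load PEM DH parameters (e.g. from `openssl dhparam -out dhparam.pem 2048`).
%% Returns {ok, Der}, where Der is the DER blob the ssl `dh` option expects.
load(PemFile, MinBits) ->
    {ok, Pem} = file:read_file(PemFile),
    case lists:keyfind('DHParameter', 1, public_key:pem_decode(Pem)) of
        {'DHParameter', Der, not_encrypted} = Entry ->
            #'DHParameter'{prime = P} = public_key:pem_entry_decode(Entry),
            %% Size of the modulus, rounded up to a whole byte.
            Bits = bit_size(binary:encode_unsigned(P)),
            case {Bits >= MinBits, probably_prime(P)} of
                {false, _}   -> {error, {prime_too_small, Bits}};
                {true, false} -> {error, modulus_not_prime};
                {true, true}  -> {ok, Der}
            end;
        false ->
            {error, no_dh_parameters}
    end.

%% Options for ssl:listen/2; `dh` replaces the built-in default parameters.
server_opts(PemFile, MinBits, CertFile, KeyFile) ->
    {ok, Der} = load(PemFile, MinBits),
    [{certfile, CertFile}, {keyfile, KeyFile}, {dh, Der}].

%% Miller-Rabin over fixed small bases (assumption: enough for a sanity check).
probably_prime(N) when N < 2 -> false;
probably_prime(N) when N < 4 -> true;
probably_prime(N) when N rem 2 =:= 0 -> false;
probably_prime(N) ->
    {S, D} = split(N - 1, 0),
    lists:all(fun(A) -> passes(A rem N, S, D, N) end, [2, 3, 5, 7, 11, 13, 17]).

%% Write N - 1 as 2^S * D with D odd.
split(D, S) when D rem 2 =:= 0 -> split(D div 2, S + 1);
split(D, S) -> {S, D}.

passes(0, _S, _D, _N) -> true;   % base equals N itself: skip it
passes(A, S, D, N) ->
    X = binary:decode_unsigned(crypto:mod_pow(A, D, N)),
    X =:= 1 orelse X =:= N - 1 orelse squares(X, S - 1, N).

squares(_X, 0, _N) -> false;
squares(X, K, N) ->
    Y = (X * X) rem N,
    Y =:= N - 1 orelse squares(Y, K - 1, N).
```

With MinBits set to 2048, a 1024-bit parameter file such as the phone in the thread requires is rejected with {error, {prime_too_small, 1024}}, so accepting the smaller group has to be an explicit choice by the caller.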
