[Boost-bugs] [Boost C++ Libraries] #11646: Boost ASIO server-side async_handshake handler not called if Diffie-Hellman key is too small

Subject: [Boost-bugs] [Boost C++ Libraries] #11646: Boost ASIO server-side async_handshake handler not called if Diffie-Hellman key is too small
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2015-09-11 22:18:07


#11646: Boost ASIO server-side async_handshake handler not called if Diffie-Hellman
key is too small
-------------------------------------------------+-------------------------
 Reporter: c.m.brandenburg@…                     | Owner: chris_kohlhoff
     Type: Bugs                                  | Status: new
Milestone: To Be Determined                      | Component: asio
  Version: Boost 1.58.0                          | Severity: Problem
 Keywords: use_tmp_dh_file dh diffie hellman     |
  key too small ssl openssl                      |
-------------------------------------------------+-------------------------
 Boost ASIO server-side `async_handshake` handler is never called if the
 Diffie-Hellman key is too small. Instead, the handshake operation appears
 to hang indefinitely.

 OpenSSL now requires Diffie-Hellman keys to be at least 768 bits
 (https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/).

 This bug may be reproduced using the SSL examples in the Boost
 documentation
 (http://www.boost.org/doc/libs/1_58_0/doc/html/boost_asio/example/cpp03/ssl/server.cpp)
 and a recent version of OpenSSL that restricts DH keys to 768 or more
 bits. (I'm using OpenSSL version 1.0.2d.) Observe the bug by placing a
 breakpoint on the server-side handshake handler and seeing that the
 breakpoint is never hit.

 For what it's worth, the client-side handshake operation completes, with
 error (`"dh key too small"`), as expected. So this problem affects only
 the server.

-- 
Ticket URL: <https://svn.boost.org/trac/boost/ticket/11646>
Boost C++ Libraries <http://www.boost.org/>
Boost provides free peer-reviewed portable C++ source libraries.
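
A startup check for the condition in this ticket, as an added example that is not part of the original report or of Boost: it reads the prime size from a PEM "DH PARAMETERS" file, such as one passed to `use_tmp_dh_file`, so undersized parameters can be rejected before the server accepts connections. It uses a hand-written base64/DER reader instead of the OpenSSL API so that it has no dependencies; the function names and sample input are hypothetical.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
// Added example, hypothetical names. kToyPem is constructed (p = 23, g = 5), not a usable group.
const std::string kToyPem =
    "-----BEGIN DH PARAMETERS-----\nMAYCARcCAQU=\n-----END DH PARAMETERS-----\n";

// Base64-decode up to the '=' padding, skipping line breaks and other non-alphabet bytes.
std::vector<uint8_t> b64_decode(const std::string& in) {
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<uint8_t> out;
    uint32_t acc = 0, bits = 0;
    for (char c : in.substr(0, in.find('='))) {
        std::size_t v = tbl.find(c);
        if (v == std::string::npos) continue;
        acc = (acc << 6) | static_cast<uint32_t>(v);
        if ((bits += 6) >= 8) out.push_back(static_cast<uint8_t>(acc >> (bits -= 8)));
    }
    return out;
}

// Expect `tag` at d[pos]; return the content length and advance pos to the content.
std::size_t der_header(const std::vector<uint8_t>& d, std::size_t& pos, uint8_t tag) {
    if (d.size() < pos + 2 || d[pos] != tag) throw std::runtime_error("unexpected DER tag");
    std::size_t len = d[pos + 1], n = len & 0x7F;
    pos += 2;
    if (len & 0x80) {  // long form: n big-endian length bytes follow
        if (n == 0 || n > 2 || d.size() < pos + n) throw std::runtime_error("bad DER length");
        for (len = 0; n > 0; --n) len = (len << 8) | d[pos++];
    }
    if (len > d.size() - pos) throw std::runtime_error("truncated DER");
    return len;
}

// True when p in a PEM "DH PARAMETERS" block has >= min_bits bits (768: floor cited in ticket).
bool dh_params_acceptable(const std::string& pem, std::size_t min_bits = 768) {
    const std::string b = "-----BEGIN DH PARAMETERS-----", e = "-----END DH PARAMETERS-----";
    std::size_t s = pem.find(b), t = pem.find(e), pos = 0;
    if (s == std::string::npos || t == std::string::npos || t < s + b.size())
        throw std::runtime_error("no DH PARAMETERS block");
    std::vector<uint8_t> der = b64_decode(pem.substr(s + b.size(), t - s - b.size()));
    der_header(der, pos, 0x30);                    // outer SEQUENCE
    std::size_t len = der_header(der, pos, 0x02);  // first INTEGER is the prime p
    while (len > 0 && der[pos] == 0) { ++pos; --len; }  // skip the sign-padding zero byte
    std::size_t bits = len * 8;
    for (unsigned top = len ? der[pos] : 0x80; !(top & 0x80); top <<= 1) --bits;
    return bits >= min_bits;
}
```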
