
Opened 3 years ago

#11646 new Bugs

Boost ASIO server-side async_handshake handler not called if Diffie-Hellman key is too small

Reported by: c.m.brandenburg@…
Owned by: chris_kohlhoff
Milestone: To Be Determined
Component: asio
Version: Boost 1.58.0
Severity: Problem
Keywords: use_tmp_dh_file dh diffie hellman key too small ssl openssl
Cc:

Description

Boost ASIO server-side async_handshake handler is never called if the Diffie-Hellman key is too small. Instead, the handshake operation appears to hang indefinitely.

OpenSSL now requires Diffie-Hellman keys to be at least 768 bits (https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/).

This bug may be reproduced using the SSL examples in the Boost documentation (http://www.boost.org/doc/libs/1_58_0/doc/html/boost_asio/example/cpp03/ssl/server.cpp) and a recent version of OpenSSL that restricts DH keys to 768 or more bits. (I'm using OpenSSL version 1.0.2d.) Observe the bug by placing a breakpoint on the server-side handshake handler and seeing that the breakpoint is never hit.

For what it's worth, the client-side handshake operation completes, with error ("dh key too small"), as expected. So this problem affects only the server.
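
A server can refuse to start with undersized parameters by checking the file it passes to use_tmp_dh_file before loading it. The following is an added example, not part of the ticket and not Boost or OpenSSL code: a dependency-free parser for a PEM `DH PARAMETERS` block that reports the bit length of the prime and compares it with the 768-bit minimum quoted above. The function names and the sample parameters are constructed for illustration.

```cpp
#include <stdexcept>
#include <string>
#include <vector>

// Decode base64 text, skipping newlines and '=' padding.
std::vector<unsigned char> b64decode(const std::string& s) {
    static const std::string tbl = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<unsigned char> out;
    unsigned acc = 0; int bits = 0;
    for (char c : s) {
        std::size_t v = tbl.find(c);
        if (v == std::string::npos) continue;
        acc = (acc << 6) | static_cast<unsigned>(v);
        if ((bits += 6) >= 8) { bits -= 8; out.push_back(static_cast<unsigned char>(acc >> bits)); }
    }
    return out;
}

// Consume one DER header (tag, definite length) at pos and return the content length.
std::size_t der_header(const std::vector<unsigned char>& d, std::size_t& pos, unsigned char tag) {
    if (pos + 2 > d.size() || d[pos] != tag) throw std::runtime_error("unexpected DER tag");
    std::size_t len = d[pos + 1]; pos += 2;
    if (len & 0x80) {  // long form: the low 7 bits count the length bytes that follow
        std::size_t n = len & 0x7F;
        if (n == 0 || n > 4 || pos + n > d.size()) throw std::runtime_error("bad DER length");
        for (len = 0; n > 0; --n) len = (len << 8) | d[pos++];
    }
    if (len > d.size() - pos) throw std::runtime_error("truncated DER");
    return len;
}

// Bit length of p in a PEM-wrapped PKCS#3 DHParameter ::= SEQUENCE { INTEGER p, INTEGER g }.
std::size_t dh_prime_bits(const std::string& pem) {
    const std::string begin = "-----BEGIN DH PARAMETERS-----", end = "-----END DH PARAMETERS-----";
    std::size_t b = pem.find(begin), e = pem.find(end);
    if (b == std::string::npos || e == std::string::npos || e < b + begin.size()) throw std::runtime_error("no DH block");
    std::vector<unsigned char> der = b64decode(pem.substr(b + begin.size(), e - b - begin.size()));
    std::size_t pos = 0; der_header(der, pos, 0x30);   // outer SEQUENCE
    std::size_t len = der_header(der, pos, 0x02);      // INTEGER p
    while (len > 0 && der[pos] == 0) { ++pos; --len; } // skip the sign-padding zero byte
    std::size_t bits = len * 8;
    for (unsigned char top = len ? der[pos] : 0x80; !(top & 0x80); top <<= 1) --bits;
    return bits;
}

// Constructed sample, not a usable group: p = 2^512 - 1, g = 2.
const std::string kSampleDh512Pem = "-----BEGIN DH PARAMETERS-----\nMEYCQQD/" +
    std::string(84, '/') + "\nAgEC\n-----END DH PARAMETERS-----\n";
bool dh_params_acceptable(const std::string& pem) { return dh_prime_bits(pem) >= 768; }  // ticket's minimum
```

The check only measures the size of the prime; it does not validate that the parameters form a safe group.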
