Opened 3 years ago

#11646 new Bugs

Boost ASIO server-side async_handshake handler not called if Diffie-Hellman key is too small

Reported by: c.m.brandenburg@… Owned by: chris_kohlhoff
Milestone: To Be Determined Component: asio
Version: Boost 1.58.0 Severity: Problem
Keywords: use_tmp_dh_file dh diffie hellman key too small ssl openssl Cc:

Description

Boost ASIO server-side async_handshake handler is never called if the Diffie-Hellman key is too small. Instead, the handshake operation appears to hang indefinitely.

OpenSSL now requires Diffie-Hellman keys to be at least 768 bits (https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/).

This bug may be reproduced using the SSL examples in the Boost documentation (http://www.boost.org/doc/libs/1_58_0/doc/html/boost_asio/example/cpp03/ssl/server.cpp) and a recent version of OpenSSL that restricts DH keys to 768 or more bits. (I'm using OpenSSL version 1.0.2d.) Observe the bug by placing a breakpoint on the server-side handshake handler and seeing that the breakpoint is never hit.

For what it's worth, the client-side handshake operation completes, with error ("dh key too small"), as expected. So this problem affects only the server.

Change History (0)

Note: See TracTickets for help on using tickets.