Bug 90 - Enable Perfect Forward Secrecy (PFS) with TLS
Summary: Enable Perfect Forward Secrecy (PFS) with TLS
Status: NEW
Alias: None
Product: resiprocate
Classification: Unclassified
Component: stack (libresip)
Version: unspecified
Hardware: All
OS: All
Importance: P1 enhancement
Assignee: Owner of all unassigned bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-08 07:57 CDT by Daniel Pocock
Modified: 2015-09-18 02:42 CDT

See Also:


Description Daniel Pocock 2015-07-08 07:57:04 CDT
https://en.wikipedia.org/wiki/Forward_secrecy

Client code: the latest cipher-suite list should be sufficient to enable PFS

Server code:
- two API calls needed to enable PFS support
- example in PJSIP project:
    http://trac.pjsip.org/repos/changeset/4871
Comment 1 Daniel Pocock 2015-09-16 15:17:27 CDT
I've queried this with the OpenSSL project:

https://github.com/openssl/openssl/issues/402

to find out if we should use SSL_CTX_set_tmp_dh() in Security.cxx or just SSL_set_tmp_dh() in TlsConnection.cxx
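The two server-side calls the report refers to are the ECDH curve setup and the DH parameter setup on the SSL_CTX. The following is an added example, not reSIProcate or PJSIP code, written with Python's standard ssl module because it wraps exactly those OpenSSL entry points: SSLContext.set_ecdh_curve() wraps SSL_CTX_set_tmp_ecdh() (SSL_CTX_set1_groups() on OpenSSL 3), and SSLContext.load_dh_params() wraps SSL_CTX_set_tmp_dh(). It also audits a context's cipher list by reading the Kx= field of OpenSSL's cipher description, so a non-ephemeral suite left in a client or server list is caught before deployment. The certificate, key and DH parameter file paths are hypothetical arguments; the block runs offline without them.

```python
"""Forward-secrecy TLS server context with Python's ssl module (wraps OpenSSL).

Added example, not reSIProcate code.  Shows the two server-side calls the bug
report asks for (ECDH curve, DH parameters) plus an audit of the resulting
cipher list, so that suites using static key exchange cannot slip through.
"""
import ssl

# Cipher string restricted to ephemeral (EC)DH key agreement.  TLS 1.3 suites
# are selected separately by OpenSSL and always use (EC)DHE, so they remain.
PFS_CIPHERS = "ECDHE:DHE:!aNULL:!eNULL:!MD5:!RC4:!3DES"

# Kx= values in OpenSSL's cipher description that denote an ephemeral key
# exchange.  "any" is what TLS 1.3 suites report.  Static key exchange shows
# up as "RSA" (or, in old OpenSSL, "ECDH/RSA", "ECDH/ECDSA") and is rejected.
EPHEMERAL_KX = {"ECDH", "DH", "ECDHEPSK", "DHEPSK", "any"}


def kx_of(description: str) -> str:
    """Extract the Kx= token from an OpenSSL cipher description line."""
    for token in description.split():
        if token.startswith("Kx="):
            return token[len("Kx="):]
    return "unknown"


def non_pfs_ciphers(ctx: ssl.SSLContext) -> list:
    """Names of suites offered by ctx that would not give forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers()
            if kx_of(c["description"]) not in EPHEMERAL_KX]


def make_pfs_server_context(certfile=None, keyfile=None, dhparams=None):
    """Server context that only offers (EC)DHE suites.

    certfile/keyfile/dhparams are hypothetical paths; all are optional here
    so the function can be exercised without any files on disk.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(PFS_CIPHERS)
    # Call 1: ephemeral ECDH curve.  Without it, servers on old OpenSSL list
    # ECDHE suites but cannot negotiate any of them.
    ctx.set_ecdh_curve("prime256v1")
    # Call 2: DH parameters for the DHE suites (SSL_CTX_set_tmp_dh).  The DHE
    # suites stay in the list but are not negotiable until this is done
    # (unless OpenSSL's automatic DH selection has been enabled separately).
    if dhparams is not None:
        ctx.load_dh_params(dhparams)
    # Fresh (EC)DH key per handshake.  Always the case on OpenSSL >= 1.1.0;
    # explicit for older builds where the flags still matter.
    ctx.options |= ssl.OP_SINGLE_DH_USE | ssl.OP_SINGLE_ECDH_USE
    if certfile is not None:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def make_legacy_server_context():
    """Contrast case: a context that still offers RSA key transport."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")
    return ctx


if __name__ == "__main__":
    print("legacy context, non-PFS suites:",
          non_pfs_ciphers(make_legacy_server_context()))
    print("hardened context, non-PFS suites:",
          non_pfs_ciphers(make_pfs_server_context()))
```

Python only exposes the context-level form, which corresponds to SSL_CTX_set_tmp_dh() rather than the per-connection SSL_set_tmp_dh() mentioned in Comment 1; the effect on the negotiated suite is the same. The audit only shows what a context offers. To confirm what is actually negotiated, inspect the cipher on the established socket, or connect with openssl s_client and look for a "Server Temp Key" line naming an ECDH curve or DH group.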
Comment 2 Daniel Pocock 2015-09-18 02:42:08 CDT
Fix committed on master for the next release, 1.10.0