crest@tzi.de wrote:
Full_Name: Jan Bramkamp Version: 2.4.35 OS: FreeBSD 9.1 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (79.230.127.217)
OpenLDAP supports PFS TLS cipher suites using DHE with the DH *tlso_tmp_dh_cb(SSL*,int,int) callback in libraries/libldap/tls_o.c. DHE-RSA/DSS cipher suites are very CPU intensive and noticeably increase latency on low-power hardware. While OpenLDAP supports ECDH-ECDSA cipher suites these lack the PFS offered by DHE-RSA/DSS cipher suites.
From my initial search it looks like the correct API to register such a callback
would be SSL_CTX_set_tmp_ecdh_callback(), but im not familiar the OpenLDAP code base so patching it my self could have unintended consequences.
This how the CA was generated: CURVE=secp384r1
openssl ecparam -out private/ca-key.pem -name $CURVE -genkey && openssl req -new -x509 -days 365 -key private/ca-key.pem -outcerts/ca-cert.pem
openssl ecparam -out private/auth1-key.pem -name $CURVE -genkey && openssl req -new -key private/auth1-key.pem -out newcerts/auth1-csr.pem && openssl ca -config /usr/local/openssl/openssl.cnf -out certs/auth1-cert.pem-infiles newcerts/auth1-csr.pem
The (EC)DH paramter file was generated with: openssl ecparam -name $CURVE
This was tested with slapd linked against OpenSSL 1.0.1e from ports on FreeBSD 9.1/amd64.
It seems that current events have focused more attention on Perfect Forward Secrecy, now that news about NSA eavesdropping is everywhere. It's worth noting Bruce Schneier's recommendation to avoid Elliptic Curve algorithms, since their design has been heavily influenced by the NSA.
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-survei...
(Section 5.)
-
hyc@symas.com