ben@bjencks.net wrote:
I suppose I should attach a test case:
Thanks, patches applied to master (with some tweaks).
cd $WORKDIR openssl dhparam 1536 > dh1536.pem openssl req -new -newkey rsa:2048 -keyout server.key \ -out server.crt -sha256 -nodes -subj '/CN=localhost/' -x509
For GnuTLS, load the following config: dn: cn=config objectClass: olcGlobal cn: config olcTLSCertificateFile: $WORKDIR/server.crt olcTLSCertificateKeyFile: $WORKDIR/server.key olcTLSCipherSuite: NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC: +DHE-RSA:+SHA1:+COMP-NULL olcTLSDHParamFile: $WORKDIR/dh1536.pem
dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config
For Openssl, change olcTLSCipherSuite to: olcTLSCipherSuite: aRSA+AES128+kEDH
Start up slapd with the config, listening on ldaps://localhost:6636.
openssl s_client -connect localhost:6636
With GnuTLS this will fail negotiation; with OpenSSL it will use 1024 bit parameters rather than the 1536 bits params we specified.
The only way I've found to find the actual parameter size is to tcpdump the negotiation. First, verify that the negotiated cipher suite is DHE-RSA-AES128-SHA according to s_client, then:
tcpdump -i lo -wldap.pcap port 6636 wireshark ldap.pcap Apply the SSL decode to the traffic (right click on packet, Decode As, Transport tab, SSL), find the Server Key Exchange packet, select the Server Key Exchange portion of the handshake message, and look at the hex dump.
It should start with 0c, followed by a three byte size, then the next two bytes are the length of the DH parameters: 0080 for 1024 bits, 00c0 for 1536 bits.