Commit | Line | Data |
---|---|---|
5a44c043 | 1 | .\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) |
e056f0e0 JR |
2 | .\" |
3 | .\" Standard preamble: | |
4 | .\" ======================================================================== | |
e056f0e0 | 5 | .de Sp \" Vertical space (when we can't use .PP) |
984263bc MD |
6 | .if t .sp .5v |
7 | .if n .sp | |
8 | .. | |
e056f0e0 | 9 | .de Vb \" Begin verbatim text |
984263bc MD |
10 | .ft CW |
11 | .nf | |
12 | .ne \\$1 | |
13 | .. | |
e056f0e0 | 14 | .de Ve \" End verbatim text |
984263bc | 15 | .ft R |
984263bc MD |
16 | .fi |
17 | .. | |
e056f0e0 JR |
18 | .\" Set up some character translations and predefined strings. \*(-- will |
19 | .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | |
e257b235 PA |
20 | .\" double quote, and \*(R" will give a right double quote. \*(C+ will |
21 | .\" give a nicer C++. Capital omega is used to do unbreakable dashes and | |
22 | .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, | |
23 | .\" nothing in troff, for use with C<>. | |
24 | .tr \(*W- | |
e056f0e0 | 25 | .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' |
984263bc | 26 | .ie n \{\ |
e056f0e0 JR |
27 | . ds -- \(*W- |
28 | . ds PI pi | |
29 | . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | |
30 | . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch | |
31 | . ds L" "" | |
32 | . ds R" "" | |
33 | . ds C` "" | |
34 | . ds C' "" | |
984263bc MD |
35 | 'br\} |
36 | .el\{\ | |
e056f0e0 JR |
37 | . ds -- \|\(em\| |
38 | . ds PI \(*p | |
39 | . ds L" `` | |
40 | . ds R" '' | |
5a44c043 SW |
41 | . ds C` |
42 | . ds C' | |
984263bc | 43 | 'br\} |
e056f0e0 | 44 | .\" |
e257b235 PA |
45 | .\" Escape single quotes in literal strings from groff's Unicode transform. |
46 | .ie \n(.g .ds Aq \(aq | |
47 | .el .ds Aq ' | |
48 | .\" | |
e056f0e0 | 49 | .\" If the F register is turned on, we'll generate index entries on stderr for |
01185282 | 50 | .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index |
e056f0e0 JR |
51 | .\" entries marked with X<> in POD. Of course, you'll have to process the |
52 | .\" output yourself in some meaningful fashion. | |
5a44c043 SW |
53 | .\" |
54 | .\" Avoid warning from groff about undefined register 'F'. | |
55 | .de IX | |
984263bc | 56 | .. |
5a44c043 SW |
57 | .nr rF 0 |
58 | .if \n(.g .if rF .nr rF 1 | |
59 | .if (\n(rF:(\n(.g==0)) \{ | |
60 | . if \nF \{ | |
61 | . de IX | |
62 | . tm Index:\\$1\t\\n%\t"\\$2" | |
e257b235 | 63 | .. |
5a44c043 SW |
64 | . if !\nF==2 \{ |
65 | . nr % 0 | |
66 | . nr F 2 | |
67 | . \} | |
68 | . \} | |
e257b235 | 69 | .\} |
5a44c043 | 70 | .rr rF |
aac4ff6f | 71 | .\" |
e056f0e0 JR |
72 | .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). |
73 | .\" Fear. Run. Save yourself. No user-serviceable parts. | |
74 | . \" fudge factors for nroff and troff | |
984263bc | 75 | .if n \{\ |
e056f0e0 JR |
76 | . ds #H 0 |
77 | . ds #V .8m | |
78 | . ds #F .3m | |
79 | . ds #[ \f1 | |
80 | . ds #] \fP | |
984263bc MD |
81 | .\} |
82 | .if t \{\ | |
e056f0e0 JR |
83 | . ds #H ((1u-(\\\\n(.fu%2u))*.13m) |
84 | . ds #V .6m | |
85 | . ds #F 0 | |
86 | . ds #[ \& | |
87 | . ds #] \& | |
984263bc | 88 | .\} |
e056f0e0 | 89 | . \" simple accents for nroff and troff |
984263bc | 90 | .if n \{\ |
e056f0e0 JR |
91 | . ds ' \& |
92 | . ds ` \& | |
93 | . ds ^ \& | |
94 | . ds , \& | |
95 | . ds ~ ~ | |
96 | . ds / | |
984263bc MD |
97 | .\} |
98 | .if t \{\ | |
e056f0e0 JR |
99 | . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" |
100 | . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | |
101 | . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | |
102 | . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | |
103 | . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | |
104 | . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | |
984263bc | 105 | .\} |
e056f0e0 | 106 | . \" troff and (daisy-wheel) nroff accents |
984263bc MD |
107 | .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' |
108 | .ds 8 \h'\*(#H'\(*b\h'-\*(#H' | |
109 | .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | |
110 | .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | |
111 | .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | |
112 | .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | |
113 | .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | |
114 | .ds ae a\h'-(\w'a'u*4/10)'e | |
115 | .ds Ae A\h'-(\w'A'u*4/10)'E | |
e056f0e0 | 116 | . \" corrections for vroff |
984263bc MD |
117 | .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' |
118 | .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | |
e056f0e0 | 119 | . \" for low resolution devices (crt and lpr) |
984263bc MD |
120 | .if \n(.H>23 .if \n(.V>19 \ |
121 | \{\ | |
e056f0e0 JR |
122 | . ds : e |
123 | . ds 8 ss | |
124 | . ds o a | |
125 | . ds d- d\h'-1'\(ga | |
126 | . ds D- D\h'-1'\(hy | |
127 | . ds th \o'bp' | |
128 | . ds Th \o'LP' | |
129 | . ds ae ae | |
130 | . ds Ae AE | |
984263bc MD |
131 | .\} |
132 | .rm #[ #] #H #V #F C | |
e056f0e0 JR |
133 | .\" ======================================================================== |
134 | .\" | |
135 | .IX Title "SSL_CTX_set_tmp_dh_callback 3" | |
7dc78669 | 136 | .TH SSL_CTX_set_tmp_dh_callback 3 "2015-07-09" "1.0.1p" "OpenSSL" |
e257b235 PA |
137 | .\" For nroff, turn off justification. Always turn off hyphenation; it makes |
138 | .\" way too many mistakes in technical documents. | |
139 | .if n .ad l | |
140 | .nh | |
984263bc | 141 | .SH "NAME" |
a7d27d5a | 142 | SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange |
984263bc | 143 | .SH "SYNOPSIS" |
e056f0e0 | 144 | .IX Header "SYNOPSIS" |
984263bc MD |
145 | .Vb 1 |
146 | \& #include <openssl/ssl.h> | |
e257b235 | 147 | \& |
984263bc MD |
148 | \& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, |
149 | \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); | |
150 | \& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); | |
e257b235 | 151 | \& |
ecf90583 | 152 | \& void SSL_set_tmp_dh_callback(SSL *ctx, |
984263bc MD |
153 | \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); |
154 | \& long SSL_set_tmp_dh(SSL *ssl, DH *dh) | |
984263bc MD |
155 | .Ve |
156 | .SH "DESCRIPTION" | |
e056f0e0 JR |
157 | .IX Header "DESCRIPTION" |
158 | \&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be | |
159 | used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. | |
984263bc MD |
160 | The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. |
161 | .PP | |
e056f0e0 | 162 | \&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. |
984263bc MD |
163 | The key is inherited by all \fBssl\fR objects created from \fBctx\fR. |
164 | .PP | |
e056f0e0 | 165 | \&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. |
984263bc | 166 | .PP |
e056f0e0 | 167 | \&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. |
984263bc | 168 | .PP |
e056f0e0 | 169 | These functions apply to \s-1SSL/TLS\s0 servers only. |
984263bc | 170 | .SH "NOTES" |
e056f0e0 JR |
171 | .IX Header "NOTES" |
172 | When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange | |
173 | can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. | |
984263bc | 174 | In these cases, the session data are negotiated using the |
e056f0e0 | 175 | ephemeral/temporary \s-1DH\s0 key and the key supplied and certified |
984263bc | 176 | by the certificate chain is only used for signing. |
e056f0e0 | 177 | Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. |
984263bc | 178 | .PP |
e056f0e0 JR |
179 | Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection |
180 | can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary | |
181 | \&\s-1DH\s0 key inside the server application that is lost when the application | |
984263bc MD |
182 | is left, it becomes impossible for an attacker to decrypt past sessions, |
183 | even if he gets hold of the normal (certified) key, as this key was | |
184 | only used for signing. | |
185 | .PP | |
e056f0e0 | 186 | In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group |
d95b477a SW |
187 | (\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. |
188 | The server will always generate a new \s-1DH\s0 key during the negotiation | |
189 | if either the \s-1DH\s0 parameters are supplied via callback or the | |
190 | \&\s-1SSL_OP_SINGLE_DH_USE\s0 option of \fISSL_CTX_set_options\fR\|(3) is set (or both). | |
191 | It will immediately create a \s-1DH\s0 key if \s-1DH\s0 parameters are supplied via | |
192 | \&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. | |
193 | In this case, | |
984263bc MD |
194 | it may happen that a key is generated on initialization without later |
195 | being needed, while on the other hand the computer time during the | |
196 | negotiation is being saved. | |
197 | .PP | |
e056f0e0 | 198 | If \*(L"strong\*(R" primes were used to generate the \s-1DH\s0 parameters, it is not strictly |
984263bc | 199 | necessary to generate a new key for each handshake but it does improve forward |
60096f03 SW |
200 | secrecy. If it is not assured that \*(L"strong\*(R" primes were used, |
201 | \&\s-1SSL_OP_SINGLE_DH_USE\s0 must be used in order to prevent small subgroup | |
202 | attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0 has an impact on the | |
203 | computer time needed during negotiation, but it is not very large, so | |
204 | application authors/users should consider always enabling this option. | |
205 | The option is required to implement perfect forward secrecy (\s-1PFS\s0). | |
984263bc | 206 | .PP |
e056f0e0 | 207 | As generating \s-1DH\s0 parameters is extremely time consuming, an application |
984263bc | 208 | should not generate the parameters on the fly but supply the parameters. |
e056f0e0 JR |
209 | \&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during |
210 | the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker | |
211 | may specialize on a very often used \s-1DH\s0 group. Applications should therefore | |
212 | generate their own \s-1DH\s0 parameters during the installation process using the | |
60096f03 SW |
213 | openssl \fIdhparam\fR\|(1) application. This application |
214 | guarantees that \*(L"strong\*(R" primes are used. | |
984263bc | 215 | .PP |
60096f03 | 216 | Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current |
e056f0e0 | 217 | version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, |
e257b235 | 218 | which use safe primes and were generated verifiably pseudo-randomly. |
984263bc | 219 | These files can be converted into C code using the \fB\-C\fR option of the |
60096f03 SW |
220 | \&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 |
221 | parameters during installation should still be preferred to stop an | |
222 | attacker from specializing on a commonly used group. Files dh1024.pem | |
223 | and dh512.pem contain old parameters that must not be used by | |
224 | applications. | |
984263bc | 225 | .PP |
e056f0e0 | 226 | An application may either directly specify the \s-1DH\s0 parameters or |
60096f03 | 227 | can supply the \s-1DH\s0 parameters via a callback function. |
984263bc | 228 | .PP |
60096f03 SW |
229 | Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR |
230 | parameters to control parameter generation for export and non-export | |
231 | cipher suites. Modern servers that do not support export ciphersuites | |
232 | are advised to either use \fISSL_CTX_set_tmp_dh()\fR in combination with | |
233 | \&\s-1SSL_OP_SINGLE_DH_USE,\s0 or alternatively, use the callback but ignore | |
234 | \&\fBkeylength\fR and \fBis_export\fR and simply supply at least 2048\-bit | |
235 | parameters in the callback. | |
984263bc | 236 | .SH "EXAMPLES" |
e056f0e0 | 237 | .IX Header "EXAMPLES" |
60096f03 | 238 | Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling |
984263bc MD |
239 | partly left out.) |
240 | .PP | |
60096f03 SW |
241 | .Vb 2 |
242 | \& Command\-line parameter generation: | |
243 | \& $ openssl dhparam \-out dh_param_2048.pem 2048 | |
e257b235 | 244 | \& |
60096f03 SW |
245 | \& Code for setting up parameters during server initialization: |
246 | \& | |
247 | \& ... | |
248 | \& SSL_CTX ctx = SSL_CTX_new(); | |
984263bc | 249 | \& ... |
60096f03 SW |
250 | \& |
251 | \& /* Set up ephemeral DH parameters. */ | |
252 | \& DH *dh_2048 = NULL; | |
253 | \& FILE *paramfile; | |
254 | \& paramfile = fopen("dh_param_2048.pem", "r"); | |
984263bc | 255 | \& if (paramfile) { |
60096f03 | 256 | \& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); |
984263bc | 257 | \& fclose(paramfile); |
60096f03 SW |
258 | \& } else { |
259 | \& /* Error. */ | |
984263bc | 260 | \& } |
60096f03 SW |
261 | \& if (dh_2048 == NULL) { |
262 | \& /* Error. */ | |
984263bc | 263 | \& } |
60096f03 SW |
264 | \& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { |
265 | \& /* Error. */ | |
984263bc | 266 | \& } |
60096f03 SW |
267 | \& SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); |
268 | \& ... | |
984263bc MD |
269 | .Ve |
270 | .SH "RETURN VALUES" | |
e056f0e0 JR |
271 | .IX Header "RETURN VALUES" |
272 | \&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return | |
984263bc MD |
273 | diagnostic output. |
274 | .PP | |
e056f0e0 | 275 | \&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 |
984263bc MD |
276 | on failure. Check the error queue to find out the reason of failure. |
277 | .SH "SEE ALSO" | |
a7d27d5a | 278 | .IX Header "SEE ALSO" |
e056f0e0 JR |
279 | \&\fIssl\fR\|(3), \fISSL_CTX_set_cipher_list\fR\|(3), |
280 | \&\fISSL_CTX_set_tmp_rsa_callback\fR\|(3), | |
281 | \&\fISSL_CTX_set_options\fR\|(3), | |
282 | \&\fIciphers\fR\|(1), \fIdhparam\fR\|(1) |