Alexander Petrovsky
2018-08-23 14:57:28 UTC
Hello!
We have stumbled upon the default DH prime (2048 bits) in Erlang when trying to
establish a TLS session with a Cisco SPA303 (VoIP hardphone)
via the TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) cipher suite. Unfortunately,
this hardphone can work only with a 1024-bit DH prime.
I wonder why Ingela hardcoded this DH prime -
https://github.com/erlang/otp/commit/3458af579af6600870c5ada69b81085f47e9f52b
In my synthetic tests, new DH prime generation is fast enough
(crypto:strong_rand_bytes(256)), about 17 us at the 99th percentile over 1000000
iterations.
Why has Ingela hardcoded this DH prime, and is there any reason why I shouldn't
generate the DH prime in real time?
--
Петровский Александр / Alexander Petrovsky,
Skype: askjuise
Phone: +7 931 9877991