Fix #116: Enables ECDHE temporary parameters in ASIO SSL #117

Open
wants to merge 3 commits into
base: master


@conz27 conz27 commented Apr 24, 2016

Implemented API context::use_tmp_ecdh(std::string& certificate) to
enable SSL_CTX_set_tmp_ecdh() from OpenSSL.

This functionality was missing and certificates using ECC were not able
to use ECDHE due to missing temporary ECDH parameters.

Using this new API, the user can just pass in their certificate and the
API will identify the ECC curve and use its generator point to create
new temporary key pairs to provide Perfect Forward Secrecy (PFS).

@conz27
Author

conz27 commented Apr 24, 2016

#116 is resolved via this pull request and provides required API for Corvusoft/restbed#86

@conz27 conz27 changed the title Enable ECDHE temporary parameters in ASIO SSL Fix #116: Enables ECDHE temporary parameters in ASIO SSL Apr 24, 2016
@ben-crowhurst

+1

@conz27
Author

conz27 commented Aug 25, 2016

BUMP! Any ETA when this will be integrated?

@maxencehenneron

BUMP! Would really need this to support ECDHE

@conz27
Author

conz27 commented Mar 8, 2017

Rebasing my change to resolve the conflict, but the rest is up to the maintainer.

@conz27
Author

conz27 commented Mar 8, 2017

@ben-crowhurst, are you able to test out this change to verify it still works for you?

@conz27
Author

conz27 commented Mar 8, 2017

@chriskohlhoff, what will it take to get this feature integrated?


@garethsb garethsb left a comment


Works for me. I actually merged into Boost.Asio. Two minor comments.

*
* @note Calls @c SSL_CTX_set_tmp_ecdh.
*/
ASIO_DECL void use_tmp_ecdh(const std::string& certificate);


Should this be named use_tmp_ecdh_file for consistency with use_tmp_dh_file as opposed to use_tmp_dh?

@@ -735,6 +767,10 @@ class context
ASIO_DECL asio::error_code do_use_tmp_dh(
BIO* bio, asio::error_code& ec);

// Helper function to set the temprorary ECC Diffie-Hellman parameters from a BIO.


Typo 'temprorary' -> 'temporary'.

garethsb added a commit to sony/nmos-cpp that referenced this pull request Apr 17, 2019
…amed in an ECDHE certificate

Based on chriskohlhoff/asio#117

(cherry picked from commit e0d2e84d4f5aa3a0625d9d026ed150976d064887)
@conz27
Author

conz27 commented Apr 28, 2019

@garethsb-sony, I've applied the changes you requested.

@conz27 conz27 force-pushed the ecdhe_support branch 3 times, most recently from eafb2c1 to 5308e4a Compare May 1, 2019 03:46
conz27 added 3 commits April 30, 2019 23:50
Implemented API context::use_tmp_ecdh(std::string& certificate) to
enable SSL_CTX_set_tmp_ecdh() from OpenSSL.

This functionality was missing and certificates using ECC were not able
to use ECDHE due to missing temporary ECDH parameters.

Using this new API, the user can just pass in their certificate and the
API will identify the ECC curve and use its generator point to create
new temporary key pairs to provide Perfect Forward Secrecy (PFS).
use_tmp_ecdh -> use_tmp_ecdh_file
- modified to make the code compile against v1.0 and v1.1 of
OpenSSL
prince-chrismc added a commit to prince-chrismc/Hello-Boost-Beast that referenced this pull request Sep 28, 2019
* @param certificate The name of the file containing the ECC-based certificate.
* The file must use the PEM format.
*
* @param ec Set to indicate what error occurred, if any.
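
Review bot: the first @param in this block is named certificate, yet its own description says it is "The name of the file containing the ECC-based certificate", so a caller reading only the signature may pass PEM contents instead of a path. Rename the parameter to filename, as use_tmp_dh_file(const std::string& filename) does, and keep the description as it is.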


This is copy/pasted from the other signature. Should be removed from here.
