Opened 7 years ago
#11646 new Bugs
Boost ASIO server-side async_handshake handler not called if Diffie-Hellman key is too small
Reported by: | | Owned by: | chris_kohlhoff |
---|---|---|---|
Milestone: | To Be Determined | Component: | asio |
Version: | Boost 1.58.0 | Severity: | Problem |
Keywords: | use_tmp_dh_file dh diffie hellman key too small ssl openssl | Cc: |
Description
Boost ASIO server-side async_handshake handler is never called if the Diffie-Hellman key is too small. Instead, the handshake operation appears to hang indefinitely.
OpenSSL now requires Diffie-Hellman keys to be at least 768 bits (https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/).
This bug may be reproduced using the SSL examples in the Boost documentation (http://www.boost.org/doc/libs/1_58_0/doc/html/boost_asio/example/cpp03/ssl/server.cpp) and a recent version of OpenSSL that restricts DH keys to 768 or more bits. (I'm using OpenSSL version 1.0.2d.) Observe the bug by placing a breakpoint on the server-side handshake handler and seeing that the breakpoint is never hit.
For what it's worth, the client-side handshake operation completes, with error ("dh key too small"), as expected. So this problem affects only the server.