Skip to content

Adding ssl_server example to default build #610

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Mar 2, 2016
Merged

Adding ssl_server example to default build #610

merged 5 commits into from
Mar 2, 2016

Conversation

ckaminski
Copy link

  • Added ssl_server example to CMakefiles
  • Updated ssl_server DH key to reflect current (2016) browser security
    requirements

Chris Kaminski added 5 commits February 29, 2016 10:50
* Added ssl_server example to CMakefiles
20b4a5e 
* Updated ssl_server DH key to reflect current (2016) browser security
requirements
* Added ssl_server example to CMakefiles
7163304 
* Updated ssl_server DH key to reflect current (2016) browser security
requirements
merged
0c596c1
merged.
e4ca392
Merge branch 'master' of https://github.com/ckaminski/cpp-netlib
c33756e
deanberris
deanberris reviewed Mar 2, 2016
View reviewed changes
libs/network/example/http/ssl/dh2048.pem
Nwjy62Ueg3TUwE5D5K0xgUjyCAuHZmeI2uQUbJS6u9GeraV5h0QtH3njDS6mD64v
cN5MqQXO1UTl4sQUhDPamyiJz57/o/jinHJUDLz1FGS8kOR8ecYAx8JryFgm4qPd
+MYaDDIJku8f19Rnjb1SI/Y28uHL9X2dswIBAg==
-----END DH PARAMETERS-----
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm no security expert, but is this good to do, committing this into the repo?

@ckaminski
Copy link
Author

This file is required for the sample to run. There was a 512-bit version in master:
https://github.com/cpp-netlib/cpp-netlib/blob/master/libs/network/example/http/ssl/dh512.pem
which this replaces.

Since Heartbleed and POODLE, Google Chrome no longer accepts 512-bit DH keys.

An end user should obviously replace these files for production usage. But for the purpose of the example, I don't see a security risk.

I built that version:
openssl dhparam -outform PEM -out dh2048.pem 2048

Ideally they would be autogenerated by the build. I can see if I can learn enough cmake magic to make that happen? I don't know enough about the build-bot to know if that would work, but I can try.

@deanberris
Copy link
Member

Thanks for the explanation -- yes, we can fix this later. I'll merge this now.

Cheers

deanberris added a commit that referenced this pull request Mar 2, 2016
@deanberris
Merge pull request #610 from ckaminski/master
80c05e4 
Adding ssl_server example to default build
@deanberris deanberris merged commit 80c05e4 into cpp-netlib:master Mar 2, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ckaminski @deanberris