Skip to content

Adding ssl_server example to default build #610

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Mar 2, 2016

Conversation

ckaminski
Copy link

  • Added ssl_server example to CMakefiles
  • Updated ssl_server DH key to reflect current (2016) browser security
    requirements

Chris Kaminski added 5 commits February 29, 2016 10:50
* Updated ssl_server DH key to reflect current (2016) browser security
requirements
* Updated ssl_server DH key to reflect current (2016) browser security
requirements
Nwjy62Ueg3TUwE5D5K0xgUjyCAuHZmeI2uQUbJS6u9GeraV5h0QtH3njDS6mD64v
cN5MqQXO1UTl4sQUhDPamyiJz57/o/jinHJUDLz1FGS8kOR8ecYAx8JryFgm4qPd
+MYaDDIJku8f19Rnjb1SI/Y28uHL9X2dswIBAg==
-----END DH PARAMETERS-----
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm no security expert, but is this good to do, committing this into the repo?

@ckaminski
Copy link
Author

This file is required for the sample to run. There was a 512-bit version in master:
https://github.com/cpp-netlib/cpp-netlib/blob/master/libs/network/example/http/ssl/dh512.pem
which this replaces.

Since Heartbleed and POODLE, Google Chrome no longer accepts 512-bit DH keys.

An end user should obviously replace these files for production usage. But for the purpose of the example, I don't see a security risk.

I built that version:
openssl dhparam -outform PEM -out dh2048.pem 2048

Ideally they would be autogenerated by the build. I can see if I can learn enough cmake magic to make that happen? I don't know enough about the build-bot to know if that would work, but I can try.

@deanberris
Copy link
Member

Thanks for the explanation -- yes, we can fix this later. I'll merge this now.

Cheers

deanberris added a commit that referenced this pull request Mar 2, 2016
Adding ssl_server example to default build
@deanberris deanberris merged commit 80c05e4 into cpp-netlib:master Mar 2, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants