Clarification on configuration

[jamesdbaker]

In the example configuration, it states:

#Defines the temporary DH (Diffie-Hellman) parameters file name (*.pem)
#Example method of generating this file:
#    openssl dhparam -out dh.pem 2048
#The DH parameter size is to be chosen as follows:
#    Mozilla Old - suggests 1024 as the minimum size to use, using
#                  smaller size will cause TLS handshake failure!
#    Mozilla Intermediate - suggests 2048 as the minimum size to use
#    Mozilla Modern - suggests not using DH at all but we still allow
#May be left empty for 'is_tls_server=false'
tls_tmp_dh_file=./certificates/dh2048.pem

To me, that suggests I should be able to leave tls_tmp_dh_file if I'm using Mozilla Modern. However, if I set tls_mode=mod (i.e. using Mozilla Modern) and then don't set the value I get the following:

ERROR <bpbd_processor.cpp::main(...):214>: main.hpp:131: Undefined compulsory '[Server Options]/tls_tmp_dh_file' (section/key) value in the configuration file!

If I'm using Mozilla Modern, and not using DH, do I still need to set the configuration? And if not, is it a bug that a value is still required?

[ivan-zapreev]

Dear James,

Thank you for reporting this issue!

The comment in the configuraton file is not correct. We do need DH even though Mozilla suggests not to use it for Mozilla Modern. Without it the Websockets++ and OpenSSL 1.0 did not manage to establish connections.

Kind regards,

Ivan