Wiki Navigation

Extracting Diffie-Hellman parameters used by Apache2 mod_ssl

The live source code for mod_ssl in Apache2 can be found at:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_dh.c?view=markup http://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl/ssl_engine_dh.c

The parameters doesn't seem to have changed in a long time.

There is some work involved in extracting the hard coded values into a PKCS#3 blob, so instead I modified gnutls-cli to print the information instead. See git commit at:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=fc0a6aacbc1c3dbb06ec1b15748c214f025a2de3

Using the tool against the mod_ssl server will print the following blob:

- Ephemeral Diffie-Hellman parameters
 - Using prime: 1032 bits
 - Secret key: 1015 bits
 - Peer's public key: 1024 bits
 - PKCS#3 format:

-----BEGIN DH PARAMETERS-----
MIGHAoGBANZ95EDLu9wZNtaT00r9CtUMhNI5pF9SC7iBdMuYvOlRhJ+RLmOccvsT
tLTXF34W1VrBebpCCyop/jJKRnpjXoH/WQE3e+3c/TMWikYarTty2uiGAHgEWwen
28p4dAh9FRDqn8yd3TMFB91i24iuqnR94PTW4r1osOc5Pg8kIY6zAgEC
-----END DH PARAMETERS-----

Download in other formats:

Plain Text