LWS_SERVER_OPTION_OPENSSL_AUTO_DH_PARAMETERS takes care of providing a

DH group, aka. finite field group, aka. "DH parameters" (by calling
SSL_CTX_set_dh_auto) in case TLSv1.2 Kx=DH ciphers
(e.g. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) are selected.

Signed-off-by: Norbert van Bolhuis <[email protected]>

Author: nvbolhuis

cmake/lws_config.h.in

@@ -95,6 +95,7 @@
 #cmakedefine LWS_HAVE_SSL_CTX_set1_param
 #cmakedefine LWS_HAVE_SSL_CTX_set_ciphersuites
 #cmakedefine LWS_HAVE_SSL_CTX_set_keylog_callback
+#cmakedefine LWS_HAVE_SSL_CTX_SET_ECDH_AUTO
 #cmakedefine LWS_HAVE_SSL_EXTRA_CHAIN_CERTS
 #cmakedefine LWS_HAVE_SSL_get0_alpn_selected
 #cmakedefine LWS_HAVE_SSL_CTX_EVP_PKEY_new_raw_private_key

include/libwebsockets/lws-context-vhost.h

@@ -242,6 +242,12 @@
 #define LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE		 (1ll << 39)
 	/**< (VHOST) Disallow use of client tls caching (on by default) */
 
+#define LWS_SERVER_OPTION_OPENSSL_AUTO_DH_PARAMETERS		 (1ll << 40)
+	/**< Configure openssl to use the default built-in DH parameters
+	 * to support TLSv1.2 Kx=DH ciphers (by calling SSL_CTX_set_dh_auto)
+	 * This is needed when you want to enable TLSv1.2 ephemeral
+	 * Diffie-Hellman (DH) key exchange ciphers
+	 * (e.g. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384). It's not recommended. */
 
 	/****** add new things just above ---^ ******/
 

lib/tls/CMakeLists.txt

@@ -367,8 +367,10 @@ if (LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS)
 CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { STACK_OF(X509) *c = NULL; SSL_CTX *ctx = NULL; return (int)SSL_CTX_get_extra_chain_certs_only(ctx, &c); }\n" LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
 CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { EVP_MD_CTX *md_ctx = NULL; EVP_MD_CTX_free(md_ctx); return 0; }\n" LWS_HAVE_EVP_MD_CTX_free)
 CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { OPENSSL_STACK *x = NULL; return !x; } \n" LWS_HAVE_OPENSSL_STACK)
+CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { SSL_CTX *ctx = NULL; return SSL_CTX_set_ecdh_auto(ctx, 1); }\n" LWS_HAVE_SSL_CTX_SET_ECDH_AUTO)
 set(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS ${LWS_HAVE_SSL_EXTRA_CHAIN_CERTS} PARENT_SCOPE)
 set(LWS_HAVE_EVP_MD_CTX_free ${LWS_HAVE_EVP_MD_CTX_free} PARENT_SCOPE)
+set(LWS_HAVE_SSL_CTX_SET_ECDH_AUTO ${LWS_HAVE_SSL_CTX_SET_ECDH_AUTO} PARENT_SCOPE)
 CHECK_FUNCTION_EXISTS(${VARIA}ECDSA_SIG_set0 LWS_HAVE_ECDSA_SIG_set0 PARENT_SCOPE)
 CHECK_FUNCTION_EXISTS(${VARIA}BN_bn2binpad LWS_HAVE_BN_bn2binpad PARENT_SCOPE)
 CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_wrap LWS_HAVE_EVP_aes_128_wrap PARENT_SCOPE)

lib/tls/openssl/openssl-server.c

@@ -520,6 +520,14 @@ lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
 #ifdef SSL_OP_NO_COMPRESSION
 	SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_COMPRESSION);
 #endif
+	if (lws_check_opt(info->options,
+	                  LWS_SERVER_OPTION_OPENSSL_AUTO_DH_PARAMETERS))
+#if defined(LWS_HAVE_SSL_CTX_SET_ECDH_AUTO) || defined(LWS_WITH_BORINGSSL)
+		SSL_CTX_set_ecdh_auto(vhost->tls.ssl_ctx, 1);
+#else
+		SSL_CTX_set_dh_auto(vhost->tls.ssl_ctx, 1);
+#endif
+
 	SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_DH_USE);
 	SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 

test-apps/test-server.c

@@ -579,6 +579,11 @@ int main(int argc, char **argv)
 			       "!DHE-RSA-AES256-SHA256:"
 			       "!AES256-GCM-SHA384:"
 			       "!AES256-SHA256";
+	/*
+	 * This is needed for DHE-RSA-AES256-GCM-SHA384, it does enable all
+	 * TLSv1.2 Kx=DH ciphers though (if the're on the ssl_cipher_list).
+	 */
+	info.options |= LWS_SERVER_OPTION_OPENSSL_AUTO_DH_PARAMETERS;
 #endif
 	info.mounts = &mount;
 #if defined(LWS_WITH_PEER_LIMITS)