Apache – Multiple DH/ECDH parameters in Apache 2.4.7 configuration file

apache-httpd openssl

I'm running Apache 2.4.7 on an Ubuntu 14.04 ("Trusty") server. The Ubuntu-specific package identifier is "2.4.7-1ubuntu4.1".

If one does not explicitly specify DH/ECDH parameters (see below), Apache uses the standard DH parameters from RFC 3526 for discrete-log DH. The length of the parameter is matched to the length of the RSA public key (e.g. a 2048-bit RSA key gets a 2048-bit DH parameter, a 4096-bit RSA key gets a 4096-bit DH parameter, etc.).

It appears that only the NIST P-256 curve is used for ECDH regardless of the size of the RSA or ECDSA public key.

The Apache documentation indicates that, in addition to a site's SSL certificate, one can manually specify DH or ECDH parameters in the file referenced by the SSLCertificateFile directive in a site's configuration file.

The exact text of the relevant entry in the docs is:

Additional optional elements are DH parameters and/or an EC curve name for ephemeral keys, as generated by openssl dhparam and openssl ecparam, respectively (supported in version 2.4.7 or later) and finally, the end-entity certificate's private key.

However, it appears that Apache only reads the first DH and first ECDH parameters declared in this way. Additional sets of parameters declared in that file are ignored.

Is it possible to declare multiple sets of parameters so that clients could choose which one to use for DH/ECDH?

Specifically, I'd like to declare multiple acceptable elliptic curves for ECDH.

For example, I would like to have secp256r1 available for compatibility reasons, but also offer secp384r1 and secp521r1 to clients who support such curves.

Additionally, it would be nice to have 1024-bit DH parameters available for legacy clients, but 2048-bit or higher parameters for newer clients that support longer primes.

Is it possible to declare multiple sets of DH and ECDH parameters and I'm simply missing something, or is it only possible to explicitly declare one set of DH and ECDH parameters, respectively?

Best Answer

There's no way to do it for non-EC DH.

For ECDH:

SSLOpenSSLConfCmd ECDHParameters prime256v1
SSLOpenSSLConfCmd Curves brainpoolP512r1:secp521r1:brainpoolP384r1:secp384r1:brainpoolP256r1:prime256v1
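A small checker for the "only the first block is read" behaviour described in the question (added example, not code from the question, the answer or Apache): it parses an SSLCertificateFile bundle and reports which DH PARAMETERS / EC PARAMETERS block Apache 2.4.7 will actually use and which appended ones are dead configuration. The DER decoding, the curve OID table and the sample bundle (a toy 5-bit DH group, for illustration only) are constructed here.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
CURVE_OIDS = {"1.2.840.10045.3.1.7": "prime256v1",
              "1.3.132.0.34": "secp384r1", "1.3.132.0.35": "secp521r1"}

def der_length(buf, i):  # DER length at buf[i] -> (length, offset of content)
    n = buf[i] & 0x7F if buf[i] >= 0x80 else 0  # long form: n length bytes follow
    return (int.from_bytes(buf[i + 1:i + 1 + n], "big") if n else buf[i]), i + 1 + n

def dh_prime_bits(der):
    """DH PARAMETERS is SEQUENCE { INTEGER p, INTEGER g }; return bits of p."""
    _, i = der_length(der, 1)  # step over the SEQUENCE header
    if der[0] != 0x30 or der[i] != 0x02:
        raise ValueError("not a DH PARAMETERS structure")
    plen, i = der_length(der, i + 1)
    return int.from_bytes(der[i:i + plen], "big").bit_length()

def ec_curve_name(der):
    """Named-curve EC PARAMETERS is a bare OBJECT IDENTIFIER; decode it."""
    assert der[0] == 0x06, "named-curve form (bare OID) expected"
    n, i = der_length(der, 1)
    arcs, acc = [der[i] // 40, der[i] % 40], 0
    for b in der[i + 1:i + n]:  # remaining arcs are base-128, high bit = continue
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    oid = ".".join(map(str, arcs))
    return CURVE_OIDS.get(oid, oid)

def audit_bundle(pem_text):
    """Return {'used': {label: desc}, 'ignored': [desc, ...]} for a bundle."""
    describe = {"DH PARAMETERS": lambda d: f"{dh_prime_bits(d)}-bit DH",
                "EC PARAMETERS": ec_curve_name}
    used, ignored = {}, []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label in describe:  # certificates and private keys are left alone
            desc = describe[label](base64.b64decode(body))
            if label in used:
                ignored.append(desc)  # Apache only honours the first block
            else:
                used[label] = desc
    return {"used": used, "ignored": ignored}

def pem(label, der_hex):  # wrap constructed DER bytes (hex) in a PEM block
    b64 = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"
SAMPLE_BUNDLE = "".join(pem(l, h) for l, h in [  # constructed: toy DH p=23,g=5 + 3 curves
    ("DH PARAMETERS", "3006020117020105"), ("EC PARAMETERS", "06082a8648ce3d030107"),
    ("EC PARAMETERS", "06052b81040022"), ("EC PARAMETERS", "06052b81040023")])
```

On a real server, pass the contents of the file named by SSLCertificateFile to audit_bundle(); anything listed under "ignored" is never offered to clients.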