Attachment 247526 Details for Bug 208953 – dhparams_gen.sh

dhparams_gen.sh

dhparams_gen.sh (text/plain), 1.50 KB, created by Miroslav Lachman on 2024-01-08 08:13:14 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Miroslav Lachman

Created: 2024-01-08 08:13:14 UTC

Size: 1.50 KB

patch

obsolete

>#!/bin/sh
>
>dh_file="dhparams.pem"
>
>dh_file_tmp=$(mktemp $dh_file.XXX) || exit 1
>
>cat <<EOF >> "$dh_file_tmp"
># This file contains a number of pregenerated Diffie-Hellman group parameters,
># ranging in size from 1024 to 8192 bits.  These are intended for use during
># the Diffie-Hellman group exchange protocol, part of the SSH key exchange
># (see RFC4419).
>#
># The file was generated using the following OpenSSL command:
>#
>#   openssl dhparam -outform PEM -2|-5 1024|1536|2048|3072|4096|6144|7680|8192 >> dhparams.pem
>#
># Note that these DH parameters should be refreshed every so often (e.g.
># every few years).  These parameters were last updated on $(date '+%F').
>EOF
>
>for size in 1024 1536 2048 3072 4096 6144 7680 8192; do
>	case "$size" in
>		1024)	iter=3;;
>		1536)	iter=2;;
>		*)		iter=1;;
>	esac
>
>	if [ $size -lt 6144 ]; then
>		gen_type="2 and 5"
>	else
>		gen_type="5"
>	fi
>
>	echo "" >> "$dh_file_tmp"
>	echo "# $size-bit DH group params (generator type $gen_type)" >> "$dh_file_tmp"
>
>	for i in $(seq 1 $iter); do
>		if [ $size -lt 6144 ]; then
>			## dhparam of sizes larger than 4096 with gen type 2 takes too much
>			## time, few hours on average machine. Use only gen type 5 for >4096
>			echo "# openssl dhparam -outform PEM -2 $size" >> "$dh_file_tmp"	## debug only
>			openssl dhparam -outform PEM -2 $size >> "$dh_file_tmp" 2> /dev/null
>		fi
>		echo "# openssl dhparam -outform PEM -5 $size" >> "$dh_file_tmp"	## debug only
>		openssl dhparam -outform PEM -5 $size >> "$dh_file_tmp" 2> /dev/null
>	done
>done
>
>mv "$dh_file_tmp" "$dh_file"

Actions: View

Attachments on bug 208953: 247526