From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 243724] www/pound: Use -dsaparam for openssl dhparam to cut build time
Date: Mon, 03 Feb 2020 12:34:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243724

--- Comment #4 from Eirik Oeverby ---

(In reply to Zeus Panchenko from comment #3)

It's not terribly obvious (in fact it might be outright wrong), and anyone
relying on params generated at compile time on the FreeBSD build cluster is
not going to care anyway. We build our packages in-house and pound tends to
get rebuilt quite often due to other dependencies.

See https://security.stackexchange.com/questions/42415/openvpn-dhparam for an
excellent discussion about this - usual caveats about trusting stackexchange
obviously apply; I'm referring to it because it's easily digestible
information.

Basic takeaways:
- Not using -dsaparam offers no meaningful security benefit
- Using -dsaparam has no appreciable negative side effects (performance is
  mentioned, but that's mostly theoretical)
- Using different primes (dhparam) than the rest of the world is a good thing

All I'm asking for is a dramatic reduction in compile time (especially with
system defaults of large primes) in exchange for zero reduction in security. :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
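Added example, not part of the bug report, the pound port or OpenSSL: a small Python checker that reads a PKCS#3 "DH PARAMETERS" PEM block and reports whether it holds a safe prime (what `openssl dhparam` produces by default: p = 2q+1 with both q and p prime, which is why that search is slow) or DSA-style parameters (what `-dsaparam` produces: p-1 has a large prime factor q and g generates the order-q subgroup; only p and g survive in the PKCS#3 encoding, so the checker tests whether (p-1)/2 is prime). It goes beyond the thread by including toy generators of both kinds so the check runs offline on constructed ~64-bit samples; the sizes, the `gen_*`/`classify` names and the start values are assumptions for the example, not anything from the port. One caveat to keep next to the takeaways above: OpenSSL's own dhparam(1) manual advises generating a fresh DH key for each use with DSA-style parameters to avoid small-subgroup attacks, which ephemeral DHE key exchange does by design, but a long-lived static DH key would not.

```python
import base64

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin for n < 3.3e24


def is_probable_prime(n):
    if n < 2:
        return False
    if any(n % b == 0 for b in _MR_BASES):
        return n in _MR_BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v):
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:          # leading 0x00 keeps the INTEGER positive
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params(p, g):
    """PKCS#3: DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    body = _der_int(p) + _der_int(g)
    b64 = base64.b64encode(b"\x30" + _der_len(len(body)) + body).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN DH PARAMETERS-----\n%s\n-----END DH PARAMETERS-----\n" % wrapped


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:           # long-form length, needed for real 2048-bit files
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_dh_params(pem):
    """(p, g) from a 'BEGIN DH PARAMETERS' block; a trailing privateValueLength is ignored."""
    der = base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-----")))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    ints, pos = [], 0
    while pos < len(seq):
        t, val, pos = _read_tlv(seq, pos)
        if t != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big"))
    p, g, *_ = ints             # ValueError if fewer than two INTEGERs
    return p, g


def classify(p, g):
    """'safe-prime' (p = 2q+1, dhparam default), 'dsa-style' ((p-1)/2 composite, -dsaparam) or 'invalid'."""
    if not (2 <= g < p - 1) or not is_probable_prime(p):
        return "invalid"
    return "safe-prime" if is_probable_prime((p - 1) // 2) else "dsa-style"


def gen_safe_prime_params(start):
    """Toy version of the default search: first q >= start with q and 2q+1 prime; g = 2."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, 2


def gen_dsa_style_params(qstart, kstart):
    """Toy version of -dsaparam: prime q, then even k with p = k*q+1 prime, g of order q."""
    q = qstart | 1
    while not is_probable_prime(q):
        q += 2
    k = kstart & ~1
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1
    g = next(x for h in range(2, p) if (x := pow(h, (p - 1) // q, p)) != 1)
    return p, g


def run_demo():
    """Constructed ~64-bit samples (real deployments use 2048 bits or more)."""
    samples = {"dhparam default": gen_safe_prime_params(1 << 62),
               "dhparam -dsaparam": gen_dsa_style_params(1 << 31, 1 << 32)}
    verdicts = {}
    for label, (p, g) in samples.items():
        p2, g2 = decode_dh_params(encode_dh_params(p, g))
        assert (p2, g2) == (p, g), "PEM round-trip mismatch"
        verdicts[label] = classify(p2, g2)
    return verdicts
```

To inspect a file produced by a build, pass its contents to `decode_dh_params` and the result to `classify`; `run_demo()` shows both verdicts on the constructed samples. The primality test is deterministic for the toy sizes used here and probabilistic (still with 12 bases) for real 2048-bit moduli.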