On 20/05/2015 22:29, Scott Neugroschl wrote:
> On Wednesday, May 20, 2015 10:18 AM, Kurt Roeckx wrote:
>> On Wed, May 20, 2015 at 03:47:33PM +0000, Scott Neugroschl wrote:
>>> Is OpenSSL vulnerable to Logjam?
>> See
>> http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

To supplement this, maybe change the server side code that calls the DH group callback to never ask for less than 1024 bits, even if the client appears to do so.

While you are at it, also use ClientHello details to estimate if you should ask the application for 1024, 2048 or some other strength, such that JRE6 based and other old clients can get 1024 bit DHE, while modern clients can get 2048 bit DHE.

For OpenSSL based servers, I suspect that to be the most common path of attack.

As an additional change for 1.0.2c or later (no need to delay the urgent fix), maybe adjust internal operations to discourage use of hardcoded DH groups for TLS DH (but NOT for generic DH-like operations such as openssl-based implementations of SRP).

The change should be such that it does not break software that actively changes the DH groups outside the OpenSSL code, i.e. don't simply disable the functions that take DH groups as input, but do devise some way to work around the commonly used code pattern of calling openssl dhparam at build time and then making all users of a distribution use the resulting DH group.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
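
The size policy suggested in the message above, sketched as an added example; it is not part of the original message and not OpenSSL code. The `hello_info` struct, the function names and the "TLS 1.2 plus a DHE AES-GCM suite means modern" heuristic are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DH_FLOOR_BITS  1024   /* never hand out less, whatever was requested */
#define DH_MODERN_BITS 2048   /* for clients judged able to handle it */

/* Hypothetical summary of the ClientHello fields this policy inspects. */
struct hello_info {
    uint16_t max_version;     /* 0x0301 = TLS 1.0, 0x0303 = TLS 1.2 */
    const uint16_t *suites;   /* offered cipher suite ids */
    size_t n_suites;
};

static int offers(const struct hello_info *h, uint16_t id)
{
    for (size_t i = 0; i < h->n_suites; i++)
        if (h->suites[i] == id)
            return 1;
    return 0;
}

/* Assumed heuristic: TLS 1.2 plus a DHE-RSA AES-GCM suite (0x009E/0x009F)
 * marks a client new enough for 2048-bit DHE; anything else is treated as
 * an old stack such as the JRE6-based clients mentioned in the message. */
int looks_modern(const struct hello_info *h)
{
    return h->max_version >= 0x0303 && (offers(h, 0x009E) || offers(h, 0x009F));
}

/* requested_bits models the key length handed to the DH group callback
 * (512 when an export suite was negotiated). */
int choose_dh_bits(int requested_bits, const struct hello_info *h)
{
    int bits = looks_modern(h) ? DH_MODERN_BITS : DH_FLOOR_BITS;
    if (requested_bits > bits)
        bits = requested_bits;   /* honour a larger request */
    return bits;                 /* always >= DH_FLOOR_BITS */
}

/* Constructed sample ClientHellos, not captured traffic. */
static const uint16_t old_suites[] = { 0x0033, 0x0014 }; /* DHE CBC, DHE export */
static const uint16_t new_suites[] = { 0x009E, 0x0033 }; /* DHE GCM, DHE CBC */
static const struct hello_info old_client = { 0x0301, old_suites, 2 };
static const struct hello_info new_client = { 0x0303, new_suites, 2 };

int main(void)
{
    printf("old client, 512 asked: %d\n", choose_dh_bits(512, &old_client));
    printf("new client, 1024 asked: %d\n", choose_dh_bits(1024, &new_client));
    return 0;
}
```

In a real server the returned size would select which DH group the application's callback hands back to the library.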