On 19/07/2016 11:16, Bogdan Harjoc wrote:
> When connecting to a TLS1.2 webserver that uses a weak 512 bit DH key,
> I noticed that browsers select
>
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> (chrome, firefox)
>
> and openssl due to the ciphers list selects
>
> TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
>
> openssl s_client -connect 112.175.90.160:443 -cipher
> DEFAULT
> :!EDH-RSA-DES-CBC3-SHA
> :!DHE-RSA-AES128-GCM-SHA256
> :!DHE-RSA-AES256-GCM-SHA384
> :!DHE-RSA-AES128-SHA256
> :!DHE-RSA-AES128-SHA
> :!DHE-RSA-AES256-SHA256
> :!DHE-RSA-AES256-SHA
> :-ECDH
> :-EXPORT:-DES:-SEED:-RC4:-PSK:-IDEA
> :ECDHE-RSA-AES128-SHA
>
> The error is: dh key too small:.\ssl\s3_clnt.c:3424.
>
> From a client that uses openssl libs, what would the correct
> workaround be ? Try to figure out that the DH key is too small and
> retry with the DHE ciphers disabled ? Or reorder the ciphers ? Given
> that cipher order can lead to failed handshakes, is there a correct
> order for https clients ?

I am not sure, but I guess those browsers default to listing ECDHE
before EDHE, thus never notice the weak DH group parameters (not key,
OpenSSL error message is misleading).

You could try testing those particular versions of chrome and firefox
against https://www.ssllabs.com/ssltest/viewMyClient.html to see what
their cipher list is.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
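
Added example, not part of the original message and not OpenSSL's own code: the reply's point that the size being rejected is that of the DH group prime rather than a key, shown by parsing the ServerDHParams structure a DHE server sends (RFC 5246, section 7.4.3) and measuring dh_p. The 1024-bit minimum and the sample parameters are assumptions constructed for illustration.

```python
import struct

MIN_DH_PRIME_BITS = 1024  # assumed client policy, not taken from the thread


def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys,
    each a 2-byte big-endian length followed by that many bytes."""
    fields, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from(">H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad length for {name}")
        fields.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(fields)


def check_dh_group(body: bytes, min_bits: int = MIN_DH_PRIME_BITS):
    """Return (prime_bits, acceptable). The size checked is that of the
    group prime dh_p, not of the server's public value dh_Ys."""
    p, _g, _ys = parse_server_dh_params(body)
    bits = p.bit_length()
    return bits, bits >= min_bits


def build_params(p: int, g: int, ys: int) -> bytes:
    """Encode constructed sample parameters the way a server would."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
        out += struct.pack(">H", len(raw)) + raw
    return out


# Constructed samples: odd numbers of the right size, not real primes.
WEAK = build_params((1 << 511) | 1, 2, 0x1234)
STRONG = build_params((1 << 2047) | 1, 2, 0x1234)

if __name__ == "__main__":
    for label, body in (("512-bit group", WEAK), ("2048-bit group", STRONG)):
        bits, ok = check_dh_group(body)
        print(f"{label}: p is {bits} bits ->", "accept" if ok else "reject")
```

Both samples carry the same short dh_Ys, so the differing verdicts come only from the size of dh_p.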