Re: [openssl-dev] A question DH parameter generation and usage

Hi Michael,

Thanks for very detailed answers. This will surely help me to investigate further.

Regards
Jaya

On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx> wrote:
> From: openssl-users [mailto:openssl-users-bounces@openssl.org] On Behalf Of Salz, Rich via openssl-users
> Sent: Wednesday, December 06, 2017 08:50

> You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are
> vulnerable to another.

If you reuse keys, yes; but you still get PFS if you only reuse the same group and generate ephemeral keys (assuming sufficient group strength, where "sufficient" depends on the size of the group and its value to well-resourced attackers). I thought that was what the original poster was asking about.

> Why are you using DH?  Unless you have compelling reasons (interop with legacy), you really should use ECDHE.

Interop would be the usual reason. And since supporting DHE properly is a small fixed cost (generate a group or pick one from RFC 7919, hard-code it, and set it in each SSL_CTX), you might as well do it, no?

But I agree that the ECDHE suites are generally preferable when the client supports them. I know there's some NSA FUD around ECC since they pulled it from the Suite B recommendations in 2015.[1] I still think the published evidence supports using ECC, though. On the other hand, and per today's other thread on the subject, there may be legal concerns around the use of ECC.


[1] Matt Green has a nice discussion of this, including a link to the great paper Koblitz and Menezes wrote about it, here: https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/

--
Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
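The distinction drawn in Michael Wojcik's reply above (reuse the group, never the server exponent) as an added Python model; this is not code from the thread or from OpenSSL. The group p = 1019, g = 4 is a constructed toy safe-prime group standing in for a real RFC 7919 group, and the function names are this example's own.

```python
import secrets

# Constructed toy group, for illustration only: p = 1019 is a safe prime
# ((p - 1) / 2 = 509 is prime) and g = 4 generates the order-509 subgroup.
# Stands in for a real 2048-bit-or-larger group such as RFC 7919 ffdhe2048.
P, G = 1019, 4
Q = (P - 1) // 2

def generate_private():
    """Fresh random exponent in [1, q-1]; generated once per handshake for DHE."""
    return secrets.randbelow(Q - 1) + 1

def shared_secret(own_private, peer_public, p=P, q=Q):
    """g^(xy) mod p, after rejecting peer values outside the order-q subgroup
    (1, p-1 and quadratic non-residues), the usual invalid-public-value check."""
    if not 1 < peer_public < p - 1 or pow(peer_public, q, p) != 1:
        raise ValueError("peer public value is not in the prime-order subgroup")
    return pow(peer_public, own_private, p)

def handshake(server_private, client_private):
    """One DH exchange over the fixed group. Returns the client's public value
    (what a passive eavesdropper records) and the agreed secret."""
    server_pub = pow(G, server_private, P)
    client_pub = pow(G, client_private, P)
    secret = shared_secret(client_private, server_pub)
    assert secret == shared_secret(server_private, client_pub)
    return client_pub, secret

def later_session_exposed(leaked_server_private, later_server_private,
                          later_client_private):
    """An attacker who learned the server exponent of an earlier session tries
    to recompute a later session's secret from that session's recorded client
    public value. This succeeds only if the server reused the exponent."""
    client_pub, secret = handshake(later_server_private, later_client_private)
    return pow(client_pub, leaked_server_private, P) == secret

if __name__ == "__main__":
    leaked = generate_private()
    fresh = generate_private()
    while fresh == leaked:
        fresh = generate_private()
    # Same group in both runs; only the server exponent differs.
    print("server exponent reused:", later_session_exposed(leaked, leaked, generate_private()))
    print("fresh exponent (DHE):  ", later_session_exposed(leaked, fresh, generate_private()))
```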
