Re: Selection of DHE ciphers based on modulus size of DH

Hello,
Thank you all for your responses. I forgot to mention that we are on OpenSSL 1.1.0 and TLS 1.2.
I have some more queries though.


>>Current OpenSSL isn't willing to connect to a server using a DH key size below 1024 bits.
Yes, I have verified this. However, I am not sure how my OpenSSL-based client can do this, as our requirement is that we must not use a DH key size below 2048 bits.

>> I'm pretty sure that clients can and do refuse to talk to servers with small DH parameters.
Could you please provide some more clues on how a client can do so?

>> However, in TLS 1.3, the FFDHE groups are pre-defined, and the server
>>does not get to choose ad-hoc (p, g) pairs
Yep; I saw them. Here, the client plays a role to offer the supported DHE first and then the server can use that - just like elliptic curve negotiation. But again, one catch is that custom DH groups are no longer allowed, for which I didn't find a good reasoning.


Regards,
Sanjaya

On Thu, Jun 7, 2018 at 8:52 AM, Jordan Brown <openssl@xxxxxxxxxxxxxxxxxxxx> wrote:
On 6/6/2018 12:11 PM, Sanjaya Joshi wrote:
I understood that when DHE ciphers are tried to be used between two entities, it's only the server that plays a role about selection of the DH parameters. This is not negotiable with the client. For e.g., the server can freely use a very low not-recommended DH group with 512 bit key length and the client cannot deny it.

I'm pretty sure that clients can and do refuse to talk to servers with small DH parameters.

Current OpenSSL isn't willing to connect to a server using a DH key size below 1024 bits.

https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
To protect OpenSSL-based clients, we’re increasing the minimum accepted DH key size to 768 bits immediately in the next release, and to 1024 bits soon after.

-- 
Jordan Brown, Oracle Solaris

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
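
An added example, not part of the thread and not OpenSSL's own code: the check a TLS 1.2 client can apply to the ServerDHParams (dh_p, dh_g, dh_Ys) it receives in ServerKeyExchange, refusing any modulus below 2048 bits. The function names and the sample builder are hypothetical, and the sample dh_p values are constructed bit patterns rather than real primes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_DH_BITS 2048 /* policy from the thread: refuse anything smaller */

/* Read one TLS opaque<1..2^16-1> vector (2-byte big-endian length prefix). */
static int read_vec16(const uint8_t **cur, size_t *left,
                      const uint8_t **out, size_t *out_len)
{
    if (*left < 2) return -1;
    size_t n = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    if (n == 0 || n > *left - 2) return -1; /* empty or truncated */
    *out = *cur + 2; *out_len = n;
    *cur += 2 + n; *left -= 2 + n;
    return 0;
}

/* Bit length of dh_p in ServerDHParams (dh_p, dh_g, dh_Ys); -1 if malformed. */
int dh_modulus_bits(const uint8_t *msg, size_t len)
{
    const uint8_t *p, *g, *ys; size_t pl, gl, yl;
    if (read_vec16(&msg, &len, &p, &pl) || read_vec16(&msg, &len, &g, &gl) ||
        read_vec16(&msg, &len, &ys, &yl)) return -1;
    while (pl > 0 && *p == 0) { p++; pl--; } /* leading zero bytes do not count */
    if (pl == 0) return 0;
    int bits = (int)(pl - 1) * 8;
    for (uint8_t top = *p; top != 0; top >>= 1) bits++;
    return bits;
}

/* Client policy: 1 = continue the handshake, 0 = abort it. */
int dh_params_acceptable(const uint8_t *msg, size_t len)
{
    return dh_modulus_bits(msg, len) >= MIN_DH_BITS;
}

/* Constructed sample: dh_p of exactly p_bits bits (not a real prime) preceded by
 * pad zero bytes, dh_g = 2, dh_Ys = 2. buf must hold p_bits/8 + pad + 16 bytes. */
size_t make_sample(uint8_t *buf, int p_bits, size_t pad)
{
    size_t sig = (size_t)(p_bits + 7) / 8, pl = sig + pad, i = 0;
    buf[i++] = (uint8_t)(pl >> 8); buf[i++] = (uint8_t)pl;
    memset(buf + i, 0, pad); i += pad;
    memset(buf + i, 0xFF, sig);
    buf[i] = (uint8_t)(0xFF >> ((8 - p_bits % 8) % 8)); i += sig;
    buf[i++] = 0; buf[i++] = 1; buf[i++] = 2; /* dh_g  = 2 */
    buf[i++] = 0; buf[i++] = 1; buf[i++] = 2; /* dh_Ys = 2 */
    return i;
}
```

In OpenSSL 1.1.0 the same floor is available without custom parsing: security level 2 (`SSL_CTX_set_security_level(ctx, 2)`, or `@SECLEVEL=2` in the cipher string) prohibits DH keys shorter than 2048 bits.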
