[openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit

Jeffrey Walton noloader at gmail.com
Fri May 22 01:57:56 UTC 2015


> As an additional change for 1.0.2c or later (no need to
> delay the urgent fix), maybe adjust internal operations
> to discourage use of hardcoded DH groups for TLS DH (but
> NOT for generic DH-like operations such as openssl-based
> implementations of SRP).
That's going to be tough because standards groups like the TLS WG are
actively promoting fully specified, named parameters and curves.

See, for example, "Negotiated Finite Field Diffie-Hellman Ephemeral
Parameters for TLS",
https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09; and
the discussion of magic primes at "Re: [TLS] Another IRINA bug in
TLS", https://www.ietf.org/mail-archive/web/tls/current/msg16417.html.
(The thread is due to the recent attacks on DH).

Jeff


More information about the openssl-users mailing list