[openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit

Jakob Bohm jb-openssl at wisemo.com
Fri May 22 10:09:06 UTC 2015


On 22/05/2015 08:30, Jeffrey Walton wrote:
> On Fri, May 22, 2015 at 1:55 AM, Jakob Bohm <jb-openssl at wisemo.com> wrote:
>> On 22/05/2015 07:18, Jeffrey Walton wrote:
>>> On Fri, May 22, 2015 at 12:51 AM, Jakob Bohm <jb-openssl at wisemo.com>
>>> wrote:
>>>> On 22/05/2015 03:57, Jeffrey Walton wrote:
>>>>>> As an additional change for 1.0.2c or later (no need to
>>>>>> delay the urgent fix), maybe adjust internal operations
>>>>>> to discourage use of hardcoded DH groups for TLS DH (but
>>>>>> NOT for generic DH-like operations such as openssl-based
>>>>>> implementations of SRP).
>>>>> That's going to be tough because standards groups like the TLS WG are
>>>>> actively promoting fully specified, named parameters and curves.
>>>>>
>>>>> See, for example, "Negotiated Finite Field Diffie-Hellman Ephemeral
>>>>> Parameters for TLS",
>>>>> https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09; and
>>>>> the discussion of magic primes at "Re: [TLS] Another IRINA bug in
>>>>> TLS", https://www.ietf.org/mail-archive/web/tls/current/msg16417.html.
>>>>> (The thread is due to the recent attacks on DH).
>>>> The latter thread contains posts from respected experts
>>>> asking not to use fixed parameters for DH...
>>> Well, I'm not sure how much more respected one can get than Daniel
>>> Kahn Gillmore, Stephen Farrell, Eric Recorla; or have better
>>> credentials than practicing cryptographers.
>>>
>>> How high is your bar :)
>> Whom did I say were not highly respected cryptographers?
>> ...
>> I saw no posts in that thread arguing why fixed DH groups
>> would be a good thing.
> That's Gillmor's
> https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09. Its a
> set of fixed DH groups called out by name for use in TLS.
>
> Or are you talking about server certificates with fixed DH parameters?
I was talking about the current post-logjam discussion
thread, not the pre-logjam draft.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list