Subject: SSL_connect returned=1 errno=0 state=error: dh key too small
Jakob Bohm
jb-openssl at wisemo.com
Thu Aug 29 18:49:59 UTC 2019
On 29/08/2019 17:05, Hubert Kario wrote:
> On Wednesday, 28 August 2019 23:20:49 CEST Marcelo Lauxen wrote:
>> ...
> that server is willing to negotiate ECDHE_RSA ciphers, you'd be better off
> disabling ciphers that use DHE and RSA key exchange and using ECDHE_RSA
> instead of trying to make 1024 bit work – it really is weak and should not be
> used (see also: LOGJAM)
>
>
Where in the LOGJAM papers does it say that 1024 bit DH is too little,
provided the group is not shared among millions of servers?
Where, does it reliably say that ECDH with a choice of very few published
groups is more secure than DH with random group parameters shared among
a much smaller number of connections and servers?
Also note that the following factors make it necessary to support
traditional DHE for compatibility:
1. Red Hat OpenSSL builds until a few years ago disabled EC support.
2. Microsoft (and the TLS protocol specs themselves) until fairly
recently allowed ECDHE only with (EC)DSA server certificates, which
are not as easily available as RSA certs.
3. The "supported groups" TLS extension cannot be used without jamming
the TLS clients into a short list of fixed DH groups. Thus servers
have to ignore that extension and use heuristic guesses to choose the
DH strength.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list