[openssl-dev] Weak DH and the Logjam

mancha mancha1 at zoho.com
Wed May 20 20:58:54 UTC 2015


On Wed, May 20, 2015 at 07:17:43PM +0200, Kurt Roeckx wrote:
> On Wed, May 20, 2015 at 07:11:42AM +0000, mancha wrote:
> > Hello.
> > 
> > Given Adrian et al.'s recent paper [1] together with their
> > proof-of-concept attacks against 512-bit DH groups [2], it might be
> > a good time to resurrect a discussion Daniel Kahn Gillmor has
> > started here in the past.
> 
> Please see
> http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
> 
> 
> Kurt

Hi Kurt. Thanks for the link and congrats to EK for a well-written blog.

A few questions...

1. On ECC:

Did I correctly understand that starting with 1.0.2b, OpenSSL clients
will only include secp256r1, secp384r1, and secp521r1 on the prime side
and sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1 on
the binary side in supported elliptic curves extensions?

Will OpenSSL consider making this change in 1.0.1 as well?

2. On FF DH:

Is it possible for OpenSSL to provide a tentative timeline for its
planned transition (no minimum -> 768-bit min -> 1024-bit min)? Right
now the move to 1024-bit is slated for "soon" but tentative dates are
likely more effective prods for sites (and others) using Jurassic
modp's.

Cheers.

--mancha