[openssl-dev] Weak DH and the Logjam
mancha
mancha1 at zoho.com
Thu May 21 03:29:23 UTC 2015
On Wed, May 20, 2015 at 11:31:00PM +0200, Kurt Roeckx wrote:
> On Wed, May 20, 2015 at 08:58:54PM +0000, mancha wrote:
> > On Wed, May 20, 2015 at 07:17:43PM +0200, Kurt Roeckx wrote:
> > > On Wed, May 20, 2015 at 07:11:42AM +0000, mancha wrote:
> > > > Hello.
> > > >
> > > > Given Adrien et al.'s recent paper [1] together with their
> > > > proof-of-concept attacks against 512-bit DH groups [2], it might
> > > > be a good time to resurrect a discussion Daniel Kahn Gillmor has
> > > > started here in the past.
> > >
> > > Please see
> > > http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
> > >
> > >
> > > Kurt
> >
> > Hi Kurt. Thanks for the link and congrats to EK for a well-written
> > blog.
> >
> > A few questions...
> >
> > 1. On ECC:
> >
> > Did I correctly understand that starting with 1.0.2b, OpenSSL
> > clients will only include secp256r1, secp384r1, and secp521r1 on the
> > prime side and sect283k1, sect283r1, sect409k1, sect409r1,
> > sect571k1, sect571r1 on the binary side in supported elliptic curves
> > extensions?
>
> It also has the 3 brainpool curves and secp256k1.

Yep, forgot about the addition of brainpool curves in 1.0.2.

> > Will OpenSSL consider making this change in 1.0.1 as well?
>
> 1.0.1 doesn't support the auto ecdh, so we at least can't do exactly
> the same there. But maybe we should also update the default used by
> the client?

The following pull request for 1.0.1-stable removes elliptic curves that
provide less than the equivalent of 128 bits of symmetric key security
from the list clients announce via supported elliptic curves extensions.

https://github.com/openssl/openssl/pull/288

--mancha
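
Added example, not part of the message above and not code from the pull request: a check that parses the body of a client's supported elliptic curves extension and reports the announced curves below the 128-bit level. The function name `weak_curves` and the sample bytes are assumptions made for illustration; strength is approximated as half the field size, and ids follow RFC 4492 and RFC 7027.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NamedCurve ids 1..28 (RFC 4492, RFC 7027), indexed by id: name, field bits. */
static const struct { const char *name; int bits; } curves[] = {
    {"", 0},
    {"sect163k1", 163}, {"sect163r1", 163}, {"sect163r2", 163},
    {"sect193r1", 193}, {"sect193r2", 193}, {"sect233k1", 233},
    {"sect233r1", 233}, {"sect239k1", 239}, {"sect283k1", 283},
    {"sect283r1", 283}, {"sect409k1", 409}, {"sect409r1", 409},
    {"sect571k1", 571}, {"sect571r1", 571}, {"secp160k1", 160},
    {"secp160r1", 160}, {"secp160r2", 160}, {"secp192k1", 192},
    {"secp192r1", 192}, {"secp224k1", 224}, {"secp224r1", 224},
    {"secp256k1", 256}, {"secp256r1", 256}, {"secp384r1", 384},
    {"secp521r1", 521}, {"brainpoolP256r1", 256},
    {"brainpoolP384r1", 384}, {"brainpoolP512r1", 512},
};
#define NCURVES (sizeof curves / sizeof curves[0])

/* Constructed sample extension_data: 10-byte list announcing secp256r1,
 * sect163k1, secp192r1, secp384r1, secp224r1. */
static const uint8_t sample_ext[] = {
    0x00, 0x0a, 0x00, 0x17, 0x00, 0x01, 0x00, 0x13, 0x00, 0x18, 0x00, 0x15
};

/* Hypothetical helper: ext is the extension body (2-byte list length, then
 * 2-byte curve ids). Stores ids with estimated strength under 128 bits in
 * weak[] and returns how many were stored, or -1 if the body is malformed. */
int weak_curves(const uint8_t *ext, size_t len, uint16_t *weak, size_t max)
{
    size_t i, n = 0;
    if (len < 2 || len % 2 != 0) return -1;
    if ((((size_t)ext[0] << 8) | ext[1]) != len - 2) return -1;
    for (i = 2; i < len; i += 2) {
        uint16_t id = (uint16_t)((ext[i] << 8) | ext[i + 1]);
        if (id == 0 || id >= NCURVES) continue;   /* unknown id: not judged */
        if (curves[id].bits / 2 < 128 && n < max) weak[n++] = id;
    }
    return (int)n;
}

int main(void)
{
    uint16_t weak[8];
    int i, n = weak_curves(sample_ext, sizeof sample_ext, weak, 8);
    for (i = 0; i < n; i++)
        printf("weak: %s (id %u)\n", curves[weak[i]].name, (unsigned)weak[i]);
    return n < 0;
}
```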