[openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit

Jakob Bohm jb-openssl at wisemo.com
Thu May 21 17:10:47 UTC 2015

On 20/05/2015 22:29, Scott Neugroschl wrote:
> On Wednesday, May 20, 2015 10:18 AM, Kurt Roeckx wrote:
>> On Wed, May 20, 2015 at 03:47:33PM +0000, Scott Neugroschl wrote:
>>> Is OpenSSL vulnerable to Logjam?
>> See
>> http://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

To supplement this, maybe change the server side code
that calls the DH group callback to never ask for less
than 1024 bits, even if the client appears to do so.
While you are at it, also use ClientHello details to
estimate if you should ask the application for 1024,
2048 or some other strength, such that JRE6 based and
other old clients can get 1024 bit DHE, while modern
clients can get 2048 bit DHE.
  For OpenSSL based servers, I suspect that to be the
most common path of attack.

As an additional change for 1.0.2c or later (no need to
delay the urgent fix), maybe adjust internal operations
to discourage use of hardcoded DH groups for TLS DH (but
NOT for generic DH-like operations such as openssl-based
implementations of SRP).  The change should be such that
it does not break software that actively changes the DH
groups outside the OpenSSL code.

i.e. Don't simply disable the functions that take DH
groups as input, but do devise some way to work around
the commonly used code pattern of calling openssl
dhparam at build time and then making all users of a
distribution use the resulting DH group.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list