[openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit

Jakob Bohm jb-openssl at wisemo.com
Fri May 22 04:51:42 UTC 2015


On 22/05/2015 03:57, Jeffrey Walton wrote:
>> As an additional change for 1.0.2c or later (no need to
>> delay the urgent fix), maybe adjust internal operations
>> to discourage use of hardcoded DH groups for TLS DH (but
>> NOT for generic DH-like operations such as openssl-based
>> implementations of SRP).
> That's going to be tough because standards groups like the TLS WG are
> actively promoting fully specified, named parameters and curves.
>
> See, for example, "Negotiated Finite Field Diffie-Hellman Ephemeral
> Parameters for TLS",
> https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-09; and
> the discussion of magic primes at "Re: [TLS] Another IRINA bug in
> TLS", https://www.ietf.org/mail-archive/web/tls/current/msg16417.html.
> (The thread is due to the recent attacks on DH).
The latter thread contains posts from respected experts
asking not to use fixed parameters for DH, and a lot of
noise from experts promoting their pet algorithms, such
as ECDH (off topic for DH issues), specific ideas of
which groups are the safest (most promoting the
"(p-1)/2 also prime" variant, none acknowledging the
DSA-like X9.42 variant), or just asking if LogJam is at
all real.


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


