[openssl-users] What key length is used for DHE by default ?

Nayna Jain naynjain at in.ibm.com
Tue May 26 08:08:53 UTC 2015 

I have got the openssl 1.0.2
I don't have any ssl.dh-file set.

Still by default lighttpd is negotiating Server Temp Key: DH, 2048 bits

Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384

I am surprised for this because once and only once it had negotiated 1024
bits and after  that it is showing only 2048.  Can someone help me to
explain this ?

Is there also an option to set the key length manually and check if it will
negotiate that. ?

Thanks & Regards,
Nayna Jain



From:	Jakob Bohm <jb-openssl at wisemo.com>
To:	openssl-users at openssl.org
Date:	05/25/2015 06:02 AM
Subject:	Re: [openssl-users] What key length is used for DHE by
            default ?
Sent by:	"openssl-users" <openssl-users-bounces at openssl.org>



On 24/05/2015 05:33, mancha wrote:
> On Fri, 22 May 2015 at 11:17:21AM +0100, Matt Caswell wrote:
>> On 22/05/15 11:11, Nayna Jain wrote:
>>> Hi,
>>>
>>> With the latest logjam attack, as I was trying to verify if my
>>> server (lighttpd) accepts DHE_xxx  ciphers,  I saw that it accepted
>>> and I didn't do any configuration setting done for DH parameters
>>> explicitly.
>>>
>>> But I couldn't verify what is the key length did it use by default
>>> 512/1024/2048 ?
>>>
>>> Eg. the one it negotiated was DHE-RSA-AES128-SHA256  and for TLSv1.2
>>> protocol ?
>>>
>>> Will the key length be different for different protocols like
>>> SSLv3/TLSv1.0/TLSv1.1/TLSv1.2?  If yes , then what for each of them.
>> How that is configured depends on the application that is using
>> OpenSSL. A quick google search throws up this:
>>
>> http://redmine.lighttpd.net/projects/1/wiki/docs_ssl
>>
>> 'Diffie-Hellman and Elliptic-Curve Diffie-Hellman parameters
>> Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement
>> protocols will be supported in lighttpd 1.4.29. By default,
>> Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement
>> protocols use, respectively, the 1024-bit MODP Group with 160-bit
>> prime order subgroup from RFC 5114 and "prime256v1" (also known as
>> "secp256r1") elliptic curve from RFC 4492. The Elliptic-Curve
>> Diffie-Hellman key agreement protocol is supported in OpenSSL from
>> 0.9.8f version onwards. For maximum interoperability, OpenSSL only
>> supports the "named curves" from RFC 4492.
>>
>> Using the ssl.dh-file and ssl.ec-curve configuration variables, you
>> can define your own set of Diffie-Hellman domain parameters. For
>> example:
>>
>> ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
>> ssl.ec-curve = "secp384r1"'
> OpenSSL users might like to know you can use s_client to diagnose a
> server's Diffie-Hellman profile. Starting with OpenSSL 1.0.2 you can do:
>
> $ openssl s_client -connect www.example.com:443 -cipher "EDH" | grep
> "Server Temp Key"
>
> If you're testing a server that uses a small (weak) DH group the above
> command might output something like:
>
> Server Temp Key: DH, 512 bits
>
> Note: If you're on OpenSSL 1.0.1 you'll need to apply my back port to
> have this functionality:
>
> https://twitter.com/mancha140/status/602241770961907712
>
> --mancha
>
> P.S. That command also shows the elliptic curve name and bit size when
> using ECDHE and the RSA modulus bit size when RSA is used for the
> temporary key (as done by some export ciphers).
>
BEWARE: If the application is written to use different
DH key lengths for different ciphers (as is traditional),
this will only show the DH group for the current cipher,
not for any other cipher.  In the most common case,
selecting one of the old "export" ciphers will switch
from the longer DH group to a 512 bit DH group!


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150526/eb796511/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150526/eb796511/attachment.gif>

More information about the openssl-users mailing list