
linuxdcpp-team team mailing list archive

[Bug 1850053] Re: dh key too small

 

** Changed in: adchpp
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to ADCH++.
https://bugs.launchpad.net/bugs/1850053

Title:
  dh key too small

Status in ADCH++:
  Fix Committed

Bug description:
  When creating a new certificate, we use the script `linux/generate_certs.sh`
  It uses this command:
   $ openssl dhparam -outform PEM -out dhparam.pem 1024
  which means "use a Diffie-Hellman key of 1024 bits"

  Sadly, the Logjam attack occurs on DH keys <=1024 bits.
  As a way to "fix" that, Debian software can't connect anymore to ADCS hubs that have a DH key <=1024 bits.

  See https://weakdh.org/ for more security info, but tldr:
   > If you run a server… [...] you should disable support for export cipher suites and use a 2048-bit Diffie-Hellman group.

  So you can fix the issue by modifying
   $ openssl dhparam -outform PEM -out dhparam.pem 1024
  to
   $ openssl dhparam -outform PEM -out dhparam.pem 2048

  Cheers

To manage notifications about this bug go to:
https://bugs.launchpad.net/adchpp/+bug/1850053/+subscriptions

