httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erwann ABALEA <erwann.aba...@keynectis.com>
Subject Re: Diffie-Hellman group parameters 1024 bit and Perfect Forward Secrecy
Date Fri, 28 Jun 2013 10:07:39 GMT
It could be done, yes.
However, it's slightly less necessary, as right now prime256v1 curve
is the default one, and it's a secure one (until Dan Bernstein
publishes his paper about NIST curves).
On high-volume websites, some may be tempted to switch to prime224v1
if it was possible; it's twice as fast and still offers 112 bits of
security. The overall gain would be marginal, though.
I haven't dived yet into ECDHE and TLS negotiation to see if other
curves can be supported (the brainpool ones, for example).

In his last blog post, Ben Laurie has good concerns regarding the
SessionTicket keys (renew them often, don't write them to disk).

2013/6/28 Rob Stradling <rob.stradling@comodo.com>:
> How about making ECDH parameters configurable from within Apache too?
>
> On 28/06/13 09:57, MikeM wrote:
>>
>> Hi,
>>
>> I agree that the configuration of DH parameters should be possible from
>> within Apache. Ideally the configuration should allow the size of random
>> DH Parameters to be chosen and also allow the user to provide a
>> preconfigured DH Parameter file.
>>
>> This patch should be included into 2.2 and 2.4, and of course 2.5-dev :)
>>
>> Many thanks,
>> Mike
>>
>> On 28/06/2013 08:46, Hanno Böck wrote:
>>>
>>> Hi,
>>>
>>> There has been lately some attention to perfect forward secrecy in TLS,
>>> mainly due to an article on netcraft:
>>>
>>> http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html
>>>
>>>
>>> What worries me is that apache still fixes the DH group size to 1024
>>> bit. If one uses an RSA key with, e.g., 2048 bit, then using a DHE TLS
>>> cipher will actually "downgrade" the security of the connection.
>>>
>>> DLP or factoring-based public key cryptography with 1024 bit has been
>>> known to be potentially week for quite some time now. NIST recommended
>>> to phase out 1024 bit keys by 2010.
>>> (we don't have a "key" here, but the security of a DHE group with 1024
>>> bit is equivalent to a 1024 bit DSA key)
>>>
>>> There's been a patch in bugzilla for a while to allow user-defined DH
>>> parameters, however it hasn't gotten any attention by apache developers
>>> yet:
>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=49559
>>>
>>> I'd like to ask apache devs to raise some attention to this issue. I
>>> think user-defined dh groups would be a good thing, but probably the
>>> default should also be raised to e.g. 2048 bit.
>>>
>>> cu,

Mime
View raw message