How do I ascertain the key length of some Diffie Hellman moduli to counteract the Log Jam vulnerability?

Mick8695

7/30/23, 10:59 AM

I have the following Diffie-Hellman ciphers on one of my servers

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256     
TLS_DHE_DSS_WITH_AES_256_CBC_SHA        
TLS_DHE_DSS_WITH_AES_128_CBC_SHA      
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

I have been asked to disable any and al Diffie-Hellman moduli of less than 2048 bits

I've managed to find out that found the out that:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

have a bit length of 1024 but I'm really struggling to find what the actual bit length is of the first 4 ciphers that I mentioned..I've been searching the internet but I just can't find anything?

Am I missing anything? Any help gratefully received

0 + 0

diffie-hellman

logjam

dave_thompson_085

7/31/23, 12:52 AM

To be clear: you've checked somehow for those 2 DHE_RSA suites the DHE group is 1024 bits (not that the RSA cert is)? If so the server very likely uses the same group for DHE_DSS if it supports DHE_DSS at all (which would only be so if it has a DSA key-and-cert configured, and DSA certs are rare, other than selfsigned ones used in older Java -- and older Java never did DHE over 768). In any case, either look at the server software/configuration, or connect to it and see what you get e.g. with `openssl s_client`. Not posting as answer because this isn't really within the topic of this Stack.

knaccc

7/31/23, 3:47 PM

This depends on your implementation. E.g. if you have a Java server, you'd want to set the system parameter `jdk.tls.ephemeralDHKeySize=2048`

Mick8695

9/5/23, 5:44 PM

hi, which stack should I post it in?

Score:1

Crypto

poncho

7/31/23, 2:21 PM

Am I missing anything?

Actually, within the TLS protocol, the DH group used is not tied to the ciphersuite (even for ciphersuites that specify the use of DH); instead, those are negotiated separately (for DHE ciphersuites, the server proposes it within the ServerKeyExchange handshake).

I don't know what configurability your implementation has with regards to what DH groups is proposes/accepts - however, disabling specific ciphersuites may not be the correct method. Your implementation might have a built-in assumption that "for this specific ciphersuite, we always use that specific DH group" - that would not be my first guess.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How do I ascertain the key length of some Diffie Hellman moduli to counteract the Log Jam vulnerability?

TH: ฉันจะทราบความยาวของคีย์ของโมดูล Diffie Hellman บางตัวเพื่อป้องกันช่องโหว่ Log Jam ได้อย่างไร

RO: Cum aflu lungimea cheii unor module Diffie Hellman pentru a contracara vulnerabilitatea Log Jam?

RU: Как определить длину ключа некоторых модулей Диффи-Хеллмана, чтобы противодействовать уязвимости Log Jam?

VI: Làm cách nào để xác định độ dài khóa của một số mô-đun Diffie Hellman để chống lại lỗ hổng Log Jam?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.