On 05/20/15 23:48, Xin Li wrote:
> The document at https://weakdh.org/sysadmin.html gives additional
> information for individual daemons, including Apache (mod_ssl), nginx,
> lighttpd, Tomcat, postfix, sendmail, dovecot and HAProxy.

The part of that https://weakdh.org/ site that concerns me most is the
statement about 25.7% of SSH servers being vulnerable if the 1024-bit D-H
group is broken. We've got pretty good instructions for hardening
anything that uses TLS against this attack, but not a lot on SSH.

About the only relevant thing I've found is:

http://blog.mro.name/2015/05/hardening-ssh-debian-wheezy/

which inter alia suggests upgrading to OpenSSH-6.6 -- which has been in
FreeBSD-10 since March -- modifying some config parameters:
KexAlgorithms, Ciphers, MACs and then regenerating ed25519 and rsa host
keys.

Err... what? How are ed25519 and rsa host keys affected by a downgrade
attack on Diffie-Hellman?

Cheers,

Matthew
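
The 1024-bit D-H exposure discussed in the message above can be checked on an SSH server with a short audit. This is an added example, not part of the original message or of the linked guides; the sample KexAlgorithms list, the placeholder moduli entries and the 2048-bit threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit SSH key-exchange settings for 1024-bit Diffie-Hellman.

# Constructed sample of a server's KexAlgorithms value (assumption).
SAMPLE_KEX='curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'

# Print the entry that uses the fixed 1024-bit group (Oakley Group 2), if offered.
fixed_1024_kex() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -Fx 'diffie-hellman-group1-sha1' || true
}

# Print group-exchange entries; their prime comes from the server's moduli file.
gex_kex() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -E '^diffie-hellman-group-exchange-' || true
}

# Count moduli(5) entries whose prime is shorter than $2 bits.
# Field 5 is the size; shipped files record it as bits minus one (1023, 2047...).
short_moduli() {
    awk -v min="$2" '!/^#/ && NF >= 7 && ($5 + 1) < (min + 0) { n++ }
                     END { print n + 0 }' "$1"
}

# Constructed moduli entries: time type tests trials size generator modulus.
# The modulus column holds placeholders, not real primes.
sample_moduli() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150520000000 2 6 100 1023 2 PLACEHOLDER1024
20150520000000 2 6 100 1535 2 PLACEHOLDER1536
20150520000000 2 6 100 2047 2 PLACEHOLDER2048
20150520000000 2 6 100 4095 5 PLACEHOLDER4096
EOF
}

# Demo run over the constructed samples.
demo_file=$(mktemp)
sample_moduli > "$demo_file"
echo "fixed 1024-bit kex offered: $(fixed_1024_kex "$SAMPLE_KEX")"
echo "group-exchange kex offered: $(gex_kex "$SAMPLE_KEX")"
echo "moduli entries under 2048 bits: $(short_moduli "$demo_file" 2048)"
rm -f "$demo_file"
```

On a live host the list can be taken from `sshd -T` (the `kexalgorithms` line) and the moduli file is normally `/etc/ssh/moduli`.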