Hi Rémi,

On Fri, May 29, 2015 at 04:36:49PM +0200, Remi Gacogne wrote:
> >> I expect to be able to send the ssl-dh-param-file patch tomorrow, as it
> >> is mostly written (but not well tested yet), as well as the patch to
> >> move from 1024-bit DH to 2048-bit by default.
> >
> > Great! Do you think it would make sense to backport the ssl-dh-param-file
> > to 1.5 ? I mean, will some users need this in the short term (or said
> > differently, may we use this as an incentive to be more careful about
> > that ?).
>
> Here it is. Yes, while I am of course a bit reluctant about the idea of
> adding a new feature in 1.5, I think it makes sense to backport this one
> because it makes it easier to use custom DH parameters, which is the
> best option security-wise.

I agree.

> Note that if we decide to go the safe way by
> not backporting it, it is still possible to work around and do the same
> thing by adding custom DH parameters to each cert file.

Sure, but I can already bet that most users who have their DH params in
their cert file will not update them anyway :-/

> > Also for 1.5.13 as I understand it, I should regenerate a new dhparam-1024
> > to get rid of oakley group 2. I'll need some directions on how to do this
> > correctly.
>
> Yes, of course. I am attaching a patch that replaces all the hard-coded
> DH parameters by new ones, removing the 8192-bit one in the process
> because I don't think it will ever be used (it's just too CPU-intensive,
> especially now that ECDHE is widely available). Just replace the content
> of dh1024_p, dh1024_g, dh2048_p, dh2048_g, dh4096_p and dh4096_g by the
> values you get from running those commands on your own host (preferably
> with some entropy available):
>
> $ openssl dhparam 1024 -C
> $ openssl dhparam 2048 -C
> $ openssl dhparam 4096 -C
>
> Please don't hesitate to get back to me if needed, I know I have the bad
> habit of skipping crucial steps in my explanations.

Thank you, that was pretty clear and easy. I checked that I was running
with about 2 kb of entropy before the tests and that I was alone on the
machine, so I'm confident that what I did wasn't skewed.

I pushed this into 1.6. I'd rather issue -dev2 with it, wait a little bit,
then backport it into 1.5 if we don't get any negative feedback. We might
have to help distro maintainers prepare some arguments to backport this.

Thanks,
Willy
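An added example, not from this thread or from HAProxy: a Python check a maintainer could run on the output of the `openssl dhparam ... -C` commands above before pasting the arrays over dh1024_p and friends. It verifies that p is a safe prime, that g is not of small order, that the group meets a minimum size, and that p is not the well-known Oakley group 2 prime (RFC 2409) the thread wants gone. The `-C` sample is constructed with a toy prime so the checker has something to reject; the array names it understands are assumptions based on the dh1024_p / dh1024_g naming in the thread.

```python
import random
import re

# Oakley group 2 prime (RFC 2409 section 6.2, g = 2): the well-known 1024-bit group this thread retires.
OAKLEY_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)

# Constructed sample shaped like `openssl dhparam -C` output; 0x07F7 = 2039 is a toy safe prime (q = 1019).
SAMPLE_DHPARAM_C = ("static unsigned char dh1024_p[]={ 0x07,0xF7, };\n"
                    "static unsigned char dh1024_g[]={ 0x02, };\n")

def is_probable_prime(n, rounds=32):
    # Miller-Rabin with random bases from the OS CSPRNG; 32 rounds makes a false positive negligible.
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = random.SystemRandom().randrange(2, n - 1)
        # a is a witness of compositeness if a^d != 1 and a^(d*2^i) != -1 for every i < r
        if pow(a, d, n) != 1 and all(pow(a, d << i, n) != n - 1 for i in range(r)):
            return False
    return True

def parse_dhparam_c(text):
    # Pull (p, g) out of the byte arrays, whether named dh1024_p/dh1024_g or dhp_2048/dhg_2048 (assumed naming).
    arrays = {name: int("".join(re.findall(r"0x([0-9A-Fa-f]{2})", body)), 16)
              for name, body in re.findall(r"unsigned char (\w+)\[\]\s*=\s*\{([^}]*)\}", text)}
    p = next(v for k, v in arrays.items() if re.search(r"_p$|^dhp_", k))
    g = next(v for k, v in arrays.items() if re.search(r"_g$|^dhg_", k))
    return p, g

def check_dh_group(p, g, min_bits=2048):
    # Return a list of findings; an empty list means the group is acceptable.
    findings = []
    if p == OAKLEY_GROUP2_P:
        findings.append("well-known Oakley group 2 prime")
    if p.bit_length() < min_bits:
        findings.append(f"only {p.bit_length()} bits")
    if not (is_probable_prime(p) and is_probable_prime((p - 1) // 2)):
        findings.append("p is not a safe prime")
    elif not 1 < g < p - 1:  # with a safe prime only g = 1 and g = p - 1 have small order
        findings.append("g has small order")
    return findings
```

Feed the whole `-C` output to parse_dhparam_c and then check_dh_group; a freshly generated 2048-bit group should come back with no findings, while the old Oakley group 2 constant is flagged twice.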