----- Original Message -----
> From: "Benny Baumann" <be...@geshi.org>
> To: openbsd-t...@openbsd.org, openssl-dev@openssl.org
> Sent: Wednesday, 2 July, 2014 8:49:18 PM
> Subject: [PATCH] LibReSSL/OpenSSL: Adjust/remove keysize restrictions
>
> Hi folks,
>
> I know the following patches will cause a controversy just like the
> issues they resolve caused me and several other people headaches when
> debugging them.
>
> But first things first. The attached patches (intentionally) do the
> following two things:
>
> 1. Adjust the limit for maximum allowed size of a received public key to
> be increased from 516 bytes (just barely enough for 4 KBit RSA public
> keys) up to 8200 bytes (enough for 64KBit RSA keys with some minor margin)
>
> 2. Remove the crippling of the DH/DSA routines for working with at most
> 10kBit parameters.
Current general recommendation is that if you require more than 128 bit security you shouldn't be using RSA or DHE in the first place but use ECC.

Just generating 16k DH params takes an inordinate amount of time. With 4096 bit DH parameters I'm getting less than 20 key exchanges a second with a fast i7 CPU. I'd hazard a guess that with 16k DH you'll be able to do less than 1 key exchange a second. That's a very neat way to DoS your server.

I won't even mention the whole issue of actually configuring TLS for more than 128 bit security...

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hka...@redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
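A small timing harness, added here and not part of the thread or of OpenSSL/LibReSSL, that makes the cost argument above concrete: it times the modular exponentiation at the heart of a finite-field DH exchange for several parameter sizes and extrapolates with the cubic cost model that schoolbook modexp follows. The modulus is a constructed random odd number of the requested width, not a safe prime, so it measures cost only and is not a usable DH group; the "two modexps per exchange" accounting and the 20/s reference figure are assumptions taken from the reply.

```python
"""Server-side cost of a DHE exchange versus DH parameter size.

Stand-alone illustration. The modulus built below is a random odd
number, NOT a safe prime: it is only a stand-in of the right size
for measuring modexp cost, never a group to deploy.
"""
import secrets
import time


def modexp_seconds(bits: int, rounds: int = 3) -> float:
    """Average wall-clock seconds for one Y^x mod p with a bits-wide
    modulus, full-size base and full-size exponent (the dominant
    operation when a server derives the DHE shared secret)."""
    # Constructed modulus: top bit set so it is really `bits` wide,
    # low bit set so it is odd. It is not prime.
    p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    total = 0.0
    for _ in range(rounds):
        base = secrets.randbits(bits - 1) | 2           # stand-in peer value Y
        exp = secrets.randbits(bits - 1) | (1 << (bits - 2))  # private x
        start = time.perf_counter()
        pow(base, exp, p)
        total += time.perf_counter() - start
    return total / rounds


def max_exchanges_per_second(bits: int, rounds: int = 3) -> float:
    """Upper bound on DHE handshakes one core can finish per second,
    assuming the server pays two modexps per exchange: its own public
    value g^x and the shared secret Y^x (assumption of this example)."""
    return 1.0 / (2.0 * modexp_seconds(bits, rounds))


def scaled_rate(ref_bits: int, ref_rate: float, target_bits: int) -> float:
    """Extrapolate a measured rate to another parameter size with the
    schoolbook model: modexp cost grows with the cube of the bit length,
    so doubling the size costs about 8x and 4096 -> 16384 about 64x."""
    return ref_rate / (target_bits / ref_bits) ** 3


if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        rate = max_exchanges_per_second(bits)
        print(f"{bits:5d}-bit DH: at most {rate:8.1f} exchanges/s on this core")
    # Reference figure from the reply: under 20/s at 4096 bits on a fast i7.
    print(f"16384-bit, scaled from 20/s at 4096: ~{scaled_rate(4096, 20.0, 16384):.2f}/s")
```

The cubic model reproduces the reply's guess: 20 exchanges/s at 4096 bits scales to about 0.3/s at 16384 bits, i.e. under one exchange per second per core.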