[openssl-dev] [openssl.org #3854] openssl.cnf in openssl-1.0.1m still uses default_bits=1024

2016-02-12 Thread Emilia Käsper via RT
We cleaned this up a little:

- crypto/conf/ssleay.cnf was obsolete and is gone from the master branch.
- the req app now uses 2048 bits as a default if no other defaults are given.

ssleay.txt is already gone from the master branch, and the test/ ones are used
in tests.

Cheers,
Emilia

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3854
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] [openssl.org #3854] openssl.cnf in openssl-1.0.1m still uses default_bits=1024

2016-02-01 Thread Emilia Käsper via RT
1.0.1m predates Logjam. We changed DH key generation to use 2048 bits by
default in OpenSSL 1.0.1n which is the first 1.0.1 release after.

The default_bits in apps/openssl.cnf is a sample certificate request
configuration and isn't really related to Logjam. But we changed it as well as
other key generation apps to use 2048 bits more comprehensively in 1.0.2.

More context:
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/

All these other conf files look like very old demo examples. They should
probably be cleaned up. I'm leaving this ticket open to remind us.

Cheers,
Emilia



[openssl-dev] [openssl.org #3854] openssl.cnf in openssl-1.0.1m still uses default_bits=1024

2015-05-21 Thread kolafl...@kolahilft.de via RT
Hi!

I just read about the Logjam attack on Diffie-Hellman.

https://weakdh.org/imperfect-forward-secrecy.pdf
| We provide new estimates for the computational resources necessary
| to compute discrete logarithms in groups of these sizes, concluding
| that 768-bit groups are within range of academic teams, and
| 1024-bit groups may plausibly be within range of state-level
| attackers.

(in German)
http://www.heise.de/newsticker/meldung/Logjam-Attacke-Verschluesselung-von-zehntausenden-Servern-gefaehrdet-2657502.html

openssl-1.0.1m still comes with
  default_bits  = 1024
in apps/openssl.cnf (in the source tar-archive).

Looks like openssl-1.0.2a has been upgraded to at least 2048.


Did you consider raising openssl-1.0.1m up to 1024 bits too?


Additionally, I found some more places with less than 2048 in the
openssl-1.0.1m source tar-archive. But I'm not sure whether those values are
relevant or just for testing purposes:

./test/P2ss.cnf:10:default_bits = 1024
./test/CAtsa.cnf:54:default_bits= 1024
./test/P1ss.cnf:10:default_bits = 1024
./test/test.cnf:59:default_bits = 1024
./apps/openssl-vms.cnf:106:default_bits = 1024
./apps/openssl.cnf:106:default_bits = 1024
./crypto/conf/ssleay.cnf:15:default_bits= 512
./crypto/conf/ssleay.cnf:19:default_bits= 512
./crypto/conf/ssleay.cnf:51:default_bits= 512
./doc/apps/req.pod:534: default_bits= 1024
./doc/apps/req.pod:575: default_bits= 1024
./doc/ssleay.txt:6935:default_bits  = 512   # default number of bits to use.


openssl-1.0.2a.tar.gz looks similar:

./test/P2ss.cnf:10:default_bits = 1024
./test/CAtsa.cnf:54:default_bits= 1024
./test/P1ss.cnf:10:default_bits = 1024
./test/test.cnf:59:default_bits = 1024
./crypto/conf/ssleay.cnf:15:default_bits= 512
./crypto/conf/ssleay.cnf:19:default_bits= 512
./crypto/conf/ssleay.cnf:51:default_bits= 512
./doc/apps/req.pod:534: default_bits= 1024
./doc/apps/req.pod:575: default_bits= 1024
./doc/ssleay.txt:6935:default_bits  = 512   # default number of bits to use.



Kind regards,

kolAflash



-- 
E-Mail: kolafl...@kolahilft.de
PGP key: 0xD83C3408
http://misc.kolahilft.de/pgp/kolAflash_0xD83C3408.asc
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
https://de.wikipedia.org/wiki/OpenPGP
Chat via Jabber/XMPP: kolafl...@jabber.ccc.de
https://en.wikipedia.org/wiki/XMPP
https://de.wikipedia.org/wiki/XMPP


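Added example, not code from the thread or from OpenSSL itself: a POSIX shell audit that turns kolAflash's manual grep into a repeatable check, listing every uncommented `default_bits = N` under a source tree whose N is below a floor (2048 by default). The directory layout and values in `make_sample_tree` are constructed to mirror the reporter's findings, not taken from a real tarball.

```shell
#!/bin/sh
# Audit a source tree for weak "default_bits" settings in .cnf/.pod/.txt files.
# Commented-out lines (leading '#') are deliberately not matched.

weak_default_bits() {
    # $1 = directory to scan, $2 = minimum acceptable bits (default 2048)
    dir=$1
    min=${2:-2048}
    find "$dir" -type f \( -name '*.cnf' -o -name '*.pod' -o -name '*.txt' \) -print |
    sort |
    while IFS= read -r f; do
        # tolerate arbitrary whitespace around '=' and a trailing comment
        grep -nE '^[[:space:]]*default_bits[[:space:]]*=[[:space:]]*[0-9]+' "$f" |
        while IFS= read -r hit; do
            bits=$(printf '%s\n' "$hit" | sed -E 's/^[^=]*=[[:space:]]*([0-9]+).*/\1/')
            if [ "$bits" -lt "$min" ]; then
                printf '%s:%s\n' "$f" "$hit"   # file:line:setting, grep style
            fi
        done
    done
}

count_weak_default_bits() {
    # number of offending settings, as a bare integer
    weak_default_bits "$1" "$2" | wc -l | tr -d ' '
}

make_sample_tree() {
    # constructed sample tree (hypothetical paths) mirroring the report above
    d=$(mktemp -d)
    mkdir -p "$d/apps" "$d/crypto/conf" "$d/test"
    printf '[ req ]\ndefault_bits\t= 1024\n' > "$d/apps/openssl.cnf"
    printf 'default_bits= 512\n# default_bits= 256\ndefault_bits= 512\n' \
        > "$d/crypto/conf/ssleay.cnf"
    printf 'default_bits = 2048\n' > "$d/test/fixed.cnf"
    printf '%s\n' "$d"
}

# Stand-alone use: sh audit.sh /path/to/openssl-src [min_bits]
if [ $# -gt 0 ]; then
    weak_default_bits "$1" "$2"
fi
```

Exit status is not used for the verdict; check whether the output is empty (or use `count_weak_default_bits`) when wiring this into a release check.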