[Ach] dhparams, java, nginx & apache
Adi Kriegisch
adi at kriegisch.at
Tue Nov 12 11:47:06 CET 2013
Hi!
After the meeting yesterday I started investigating increasing dhparams a
little more. The sad news:
* Apache only very recently got support for dhparams greater than 1024bit.
In the upstream version (2.4.x) it uses the RSA key size for dhparams.
(provided you have a 4096bit key, it uses 4096bit dhparams).[1]
* Java6 *and* Java7 only support dhparams up to 1024bit. The upcoming Java8
will support dhparams > 1024bit[2].
There seems to be a fix (which is for most sites impracticable): Install
"Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
Files" that seem to allow dhparams greater than 1024bit (and probably
stronger cipher suites too).
There is a little tool[3] to test maximum supported dhparams size.
* Java supports e.g. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x00,0x6B),
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC0,0x28) and some others[4] that
aren't listed in the ssllabs[5] overview. So probably those need to be
enabled by a suiting policy first (JCE).
The better news:
* nginx supports dhparams with no obvious limitations. This leads to some
funny results[5] on the ssllabs test for our git repo.
To mitigate this limitation in apache we could suggest running nginx as a
proxy in front. I think we need to recommend dhparam sizes greater than
2048bit.
So for those in need of Java being able to still connect to their site,
Forward Secrecy probably isn't an option -- at least not with DHE/EDH.
If you do not object, I'll try to find a proper wording for this and add it
to our document.
-- Adi
[1] http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html
[2] http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-give-could-not-generate-dh-keypair-exception
[3] https://gist.github.com/ppelleti/6275452
[4] http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
[5] https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=7u25
[6] https://www.ssllabs.com/ssltest/analyze.html?d=git.bettercrypto.org