[Ach] dhparams, java, nginx & apache

Adi Kriegisch adi at kriegisch.at
Tue Nov 12 11:47:06 CET 2013


After the meeting yesterday I started investigating increasing dhparams a
little more. The sad news:
* Apache only very recently got support for dhparams greater than 1024bit.
  In the upstream version (2.4.x) it uses the RSA key size for dhparams.
  (provided you have a 4096bit key, it uses 4096bit dhparams).[1]
* Java6 *and* Java7 only support dhparams up to 1024bit. The upcoming Java8
  will support dhparams > 1024bit[2].
  There seems to be a fix (which is for most sites impracticable): Install
  "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
  Files" that seem to allow dhparams greater than 1024bit (and probably
  stronger cipher suites too).
  There is a little tool[3] to test maximum supported dhparams size.
* Java supports e.g. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x00,0x6B),
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC0,0x28) and some others[4] that
  aren't listed in the ssllabs[5] overview. So probably those need to be
  enabled by a suiting policy first (JCE).
The better news:
* nginx supports dhparams with no obvious limitations. This leads to some
  funny results[5] on the ssllabs test for our git repo.
To mitigate this limitation in apache we could suggest running nginx as a
proxy in front. I think we need to recommend dhparam sizes greater than
So for those in need of Java being able to still connect to their site,
Forward Secrecy probably isn't an option -- at least not with DHE/EDH.

If you do not object, I'll try to find a proper wording for this and add it
to our document.

-- Adi

[1] http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html
[2] http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-give-could-not-generate-dh-keypair-exception
[3] https://gist.github.com/ppelleti/6275452
[4] http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
[5] https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=7u25
[6] https://www.ssllabs.com/ssltest/analyze.html?d=git.bettercrypto.org