[Ach] dhparams, java, nginx & apache

Adi Kriegisch adi at kriegisch.at
Tue Nov 12 11:47:06 CET 2013


Hi!

After the meeting yesterday I started investigating increasing dhparams a
little more. The sad news:
* Apache only very recently got support for dhparams greater than 1024bit.
  In the upstream version (2.4.x) it uses the RSA key size for dhparams.
  (provided you have a 4096bit key, it uses 4096bit dhparams).[1]
* Java6 *and* Java7 only support dhparams up to 1024bit. The upcoming Java8
  will support dhparams > 1024bit[2].
  There seems to be a fix (which is for most sites impracticable): Install
  "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
  Files" that seem to allow dhparams greater than 1024bit (and probably
  stronger cipher suites too).
  There is a little tool[3] to test maximum supported dhparams size.
* Java supports e.g. TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x00,0x6B),
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC0,0x28) and some others[4] that
  aren't listed in the ssllabs[5] overview. So probably those need to be
  enabled by a suiting policy first (JCE).
The better news:
* nginx supports dhparams with no obvious limitations. This leads to some
  funny results[5] on the ssllabs test for our git repo.
To mitigate this limitation in apache we could suggest running nginx as a
proxy in front. I think we need to recommend dhparam sizes greater than
2048bit.
So for those in need of Java being able to still connect to their site,
Forward Secrecy probably isn't an option -- at least not with DHE/EDH.

If you do not object, I'll try to find a proper wording for this and add it
to our document.

-- Adi

[1] http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html
[2] http://stackoverflow.com/questions/6851461/java-why-does-ssl-handshake-give-could-not-generate-dh-keypair-exception
[3] https://gist.github.com/ppelleti/6275452
[4] http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
[5] https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=7u25
[6] https://www.ssllabs.com/ssltest/analyze.html?d=git.bettercrypto.org
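
Added example, not part of the original post: a way to read the prime size out of a server's PEM "DH PARAMETERS" file and list which clients with the DH limits stated in the message (Java 6 and Java 7 at 1024 bit) could no longer complete a DHE handshake. The function names are hypothetical, and the sample parameters are constructed in code from a non-prime placeholder of the right size, so they are only good for size checks.

```python
import base64

# Maximum DH modulus size (bits) per client, as stated in the post above.
CLIENT_MAX_DH_BITS = {"Java 6": 1024, "Java 7": 1024}

def _read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem):
    """Return the bit length of the prime p in a PEM 'DH PARAMETERS' file."""
    body = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    der = base64.b64decode("".join(body))
    tag, seq, _ = _read_tlv(der, 0)        # DHParameter ::= SEQUENCE { p, g, ... }
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER prime")
    return int.from_bytes(p, "big").bit_length()

def locked_out_clients(pem):
    """Clients whose DH limit is below the server's parameter size."""
    bits = dh_prime_bits(pem)
    return sorted(c for c, m in CLIENT_MAX_DH_BITS.items() if bits > m)

def _der(tag, value):
    """Encode one DER TLV (used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value

def make_sample_pem(bits):
    """Constructed sample: an odd number of the given size, NOT a real prime."""
    p = (1 << (bits - 1)) | 1
    p_bytes = p.to_bytes(bits // 8 + 1, "big")   # leading 0x00 keeps the INTEGER positive
    der = _der(0x30, _der(0x02, p_bytes) + _der(0x02, b"\x02"))
    return ("-----BEGIN DH PARAMETERS-----\n" + base64.b64encode(der).decode()
            + "\n-----END DH PARAMETERS-----\n")
```

To check a real file, pass its contents to `locked_out_clients`, for example the file referenced by nginx's `ssl_dhparam` directive.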