[Ach] Dovecot DH parameters

Hanno Böck hanno at hboeck.de
Tue Feb 10 14:33:13 CET 2015

On Tue, 10 Feb 2015 14:24:57 +0100
Leon Weber <leon at leonweber.de> wrote:

> This makes me wonder:  Would it make sense to include a config
> statement to change (1) to a larger value in the bettercrypto.org
> manual?

Probably yes.

Unfortunately we lack a good configuration check tool like the qualys
ssltest to check pop3/imap configs.

> Regarding (2):  If I understand RFC 7457 section 2.9 correctly, it
> advises against generating DH params yourself.  Hence, is it
> reasonable to disable parameter regeneration and supply dovecot with
> a pregenerated parameter file?

I think you don't understand that correctly.

What this text suggests is a new extension to pre-define DH parameters.
However that's currently only a draft. You can't use it.
This is the result of discussions in the context of the triple
handshake attack where a server could attack a client certificate
authentication by sending weak DH parameters. When your parameters
aren't actively malicious the only thing that matters is their group

There's no security advantage of eihter using pre-defined parameters by
the application or your own. It just doesn't matter. If dovecot uses
1024 bit you should use your own.

(there's lots of confusion about these DH params... E.g. there seems
also to be a persistent myth that you cannot share the same params
between servers - which is totally bogus)

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150210/53ebd23f/attachment.sig>

More information about the Ach mailing list