Fixing Logjam by changing Diffie-Hellman parameters

You have probably heard of the Logjam attack against the TLS protocol. It affects TLS configurations with forward secrecy that use the same prime numbers for Diffie-Hellman key exchange. You may also be using a low-security prime number. The research team that published information about the Logjam attack estimates that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Unfortunately, 1024-bit primes are common in a lot of server software. Diffie-Hellman key exchange should be done with primes of 2048 bits and above. Postfix allows you to use individual parameter sets. Sysadmins should consult the Guide to Deploying Diffie-Hellman for TLS.

For Apache users out there, try to run at least version 2.4.7. If this is not an option, you can wait for the release of 2.2.30 and compile it with LibreSSL or use it with OpenSSL 0.9.8a (or a later version).

Compiling Apache 2.2.x with LibreSSL requires you to remove the ENGINE_CTRL_CHIL_SET_FORKCHECK macro in modules/ssl/ssl_engine_init.c. Furthermore, you need to remove the reference to the compress_meth member of the SSL_SESSION structure. The reference can be found in modules/ssl/ssl_engine_vars.c, beginning at line 838. In fact, you can remove the whole if (pSession) {…} section, because LibreSSL has removed support for compression for security reasons. Lastly, you have to remove the references to the RAND_EGD PRNG (they can be found in modules/ssl/ssl_engine_rand.c; look for HAVE_SSL_RAND_EGD and remove these sections).
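To see which side of the 2048-bit line an existing parameter file falls on, the following added example (not part of the original post) parses a PEM "DH PARAMETERS" block and reports the size of its prime. The function names are made up for this example, and the sample inputs are constructed numbers of the right size, not real primes.

```python
import base64
import re

MIN_BITS = 2048  # floor recommended in the text above
def _der_len(n):
    """DER length octets for a content length of n bytes."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _der_int(v):
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading zero byte keeps it positive
    return b"\x02" + _der_len(len(raw)) + raw

def make_dh_pem(p, g=2):
    """Build a PKCS#3 DHParameter SEQUENCE {p, g} as PEM (sample input only)."""
    body = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(body)) + body
    return "-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(der).decode() + "-----END DH PARAMETERS-----\n"

def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem):
    """Bit length of the prime p in a DH PARAMETERS PEM block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    seq_tag, seq, _ = _read_tlv(base64.b64decode("".join(m.group(1).split())), 0)
    int_tag, p_raw, _ = _read_tlv(seq, 0)
    if seq_tag != 0x30 or int_tag != 0x02:
        raise ValueError("not a PKCS#3 DHParameter structure")
    return int.from_bytes(p_raw, "big").bit_length()

def audit(pem):  # (bits, verdict) for the contents of one parameter file
    bits = dh_prime_bits(pem)
    return bits, "ok" if bits >= MIN_BITS else "too small"

# Constructed samples: odd numbers of the right size, NOT real primes.
SAMPLES = {bits: make_dh_pem((1 << (bits - 1)) | 1) for bits in (768, 1024, 2048)}
```

Pass the text of a real parameter file to audit() to get its prime size and verdict; the check covers size only and does not tell you whether the prime is one of the widely shared ones.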