disabledAlgorithms "DHE keySize < 1024" support?
xuelei.fan at oracle.com
Sat May 23 15:35:36 UTC 2015
On 5/23/2015 11:18 PM, Bernd Eckenfels wrote:
> Am Sat, 23 May 2015 22:16:16 +0800
> schrieb Xuelei Fan <xuelei.fan at oracle.com>:
>> I did not get your ideas in the previous mail.
>> "jdk.tls.disabledAlgorithms" is expected to work to disable weak DH
>> keys (for example, ""DHE keySize < 768"). Can you describe your
>> concern more?
> This is exactly what I want to do. In order for a client to protect
> against a Logjam attack it has to reject DHE groups with a prime
> smaller than a safe size. This is at least 768 bit but more security
> sensitive installation might want to restrict >1024 or even >2048 bit as
> Unfortiunatelly Java Clients accept 512bit (even when they do not offer
> export grade ciphers). So a minimum fix would be to only accept 512bit
> if it was offering export crypto. However making the minimum
> configurable would be even better.
> The current mechanism to restrict ciphers by key length does however
> not work, it seems. I suspect it only works for explicitely geenrated
> DH parameters but not received DHE groups.
I see your point.
> I searched the ClientHandshaker for usages of algorithmConstraints, and
> it does not use it for the DHE part. It only question KEY_AGREEMENT for
> cipher suite selection. (But I am not so famiiar with the code, maybe
> you can point me to a place where the DHE size would be validated).
> Thinking about it, it might be possible to register an own
> DiffieHellmann provider to enforce a limit, hm.
More information about the security-dev