disabledAlgorithms "DHE keySize < 1024" support?

Bernd Eckenfels ecki at zusammenkunft.net
Sat May 23 15:48:25 UTC 2015


Am Sat, 23 May 2015 17:18:07 +0200
schrieb Bernd Eckenfels <ecki at zusammenkunft.net>:
> I searched the ClientHandshaker for usages of algorithmConstraints,
> and it does not use it for the DHE part. It only question
> KEY_AGREEMENT for cipher suite selection. (But I am not so famiiar
> with the code, maybe you can point me to a place where the DHE size
> would be validated).

I also run some connection test, it asks for the following permissions
on the user set AC of SSLParameters:

prim [KEY_AGREEMENT] TLSv1 with null
prim [KEY_AGREEMENT] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with null
prim [KEY_AGREEMENT] TLSv1.1 with null
prim [KEY_AGREEMENT] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with null
prim [KEY_AGREEMENT] TLSv1.2 with null
prim [KEY_AGREEMENT] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 with null
prim [KEY_AGREEMENT] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 with null
prim [KEY_AGREEMENT] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 with null
prim [KEY_AGREEMENT] TLS_RSA_WITH_AES_128_CBC_SHA256 with null
prim [KEY_AGREEMENT] TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 with null
prim [KEY_AGREEMENT] TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 with null
prim [KEY_AGREEMENT] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 with null
prim [KEY_AGREEMENT] TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 with null
...
prim [KEY_AGREEMENT] SSL_RSA_WITH_RC4_128_MD5 with null
prim [KEY_AGREEMENT] TLS_EMPTY_RENEGOTIATION_INFO_SCSV with null
prim [SIGNATURE] SHA512withECDSA with null
prim [SIGNATURE] SHA512withRSA with null
...
prim [SIGNATURE] MD5withRSA with null
prim [SIGNATURE] SHA384withRSA with null

prim [SIGNATURE] Sun RSA public key, 4096 bits, modulus: 59...
prim [SIGNATURE] SHA384withRSA with null
prim [SIGNATURE] Sun RSA public key, 2048 bits
prim [SIGNATURE] SHA384withRSA on Sun RSA public key
prim [SIGNATURE] SHA256withRSA with
prim [SIGNATURE] SHA256withRSA on Sun RSA

Cipher used TLSv1.2
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

I do see some code which might be responsible for checking DHE
restrictions, but I cant get it to work. Neither with above user
algortihm constraints nor with the following disables line:

jdk.tls.disabledAlgorithms=MD5, RC4, SSLv3, DSA, RSA keySize < 2048,
DHE keySize < 1024, DiffieHellman keySize < 1024, DH keySize < 1024

So my guess, it cannot be controled currently.

Gruss
Bernd


More information about the security-dev mailing list