I’m using Mozilla’s “Old backward compatibility” ssl_ciphers so I feel
good about my compatibility there, but does the following open me up
to potential compatibility problems:
openssl dhparam -out dhparams.pem 2048
nginx.conf:
ssl_dhparam {path to dhparams.pem}
https://wiki.mozilla.org/Security/Server_Side_TLS
On 2015-05-23 11:19, Grant wrote:
> I’m using Mozilla’s “Old backward compatibility” ssl_ciphers so I feel
> good about my compatibility there, but does the following open me up
> to potential compatibility problems:
> openssl dhparam -out dhparams.pem 2048

DHE params larger than 1024 bits are not compatible with Java 6/7
clients.
If you need compatibility with those clients, use a DHE of 1024 bits,
or disable DHE entirely.

>> I’m using Mozilla’s “Old backward compatibility” ssl_ciphers so I feel
>> good about my compatibility there, but does the following open me up
>> to potential compatibility problems:
>> openssl dhparam -out dhparams.pem 2048
> DHE params larger than 1024 bits are not compatible with Java 6/7 clients.
> If you need compatibility with those clients, use a DHE of 1024 bits, or
> disable DHE entirely.

My server is open to the internet so I’d like to maintain
compatibility with as many clients as possible, but I don’t serve any
Java apps. Given that, will DHE params larger than 1024 bits affect
my compatibility?

If so, I believe a DHE of 1024 bits opens me to the LogJam attack, so
if I disable DHE entirely will that affect my compatibility?

You’re entirely misunderstanding Logjam.

The actual Logjam attack refers to a flaw in the TLS protocol that would
allow MITM attackers to downgrade a connection to an export cipher. This
is only possible if your server supports export-grade ciphers, which it
should not if you’re following Mozilla’s guide.

Using a 1024-bit DH param does not “open you” to any attack. According
to the authors of the FREAK/Logjam disclosure, use of a common 1024-bit
DH param potentially allows for threats from nation-state adversaries.
If you’ve pissed off the NSA, forget about legacy compatibility with
Java nonsense and use a custom 2048 (or higher) param. If you’re
paranoid about supporting grandma’s Java app, stick with the default.
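
Added example, not part of the thread: a Python check that reads the prime size out of a `dhparams.pem` file (the PKCS#3 `DH PARAMETERS` PEM that `openssl dhparam` writes) and reports it against the two sizes discussed above. All function names and the sample file are constructed for illustration; the sample holds an odd number of the right size, not a usable prime.

```python
import base64

BEGIN, END = "-----BEGIN DH PARAMETERS-----", "-----END DH PARAMETERS-----"

def _tlv(buf):
    """Read the DER tag-length-value at the start of buf; return (tag, value)."""
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PKCS#3 DH PARAMETERS PEM file."""
    if BEGIN not in pem_text or END not in pem_text:
        raise ValueError("no DH PARAMETERS block")
    body = pem_text.split(BEGIN, 1)[1].split(END, 1)[0]
    tag, seq = _tlv(base64.b64decode("".join(body.split())))
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, p = _tlv(seq)                     # first element of the SEQUENCE is p
    if tag != 0x02:
        raise ValueError("expected INTEGER")
    return int.from_bytes(p, "big").bit_length()

def assess(bits):
    """Apply the thread's two points about parameter size."""
    return {"bits": bits,
            "java_6_7_clients_ok": bits <= 1024,   # per the reply in the thread
            "at_least_2048": bits >= 2048}         # size suggested in the thread

def _len(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw

def _int(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")   # leading 0x00 keeps it positive
    return b"\x02" + _len(len(raw)) + raw

def make_sample_pem(bits):
    """Constructed sample: an odd number of the right size, NOT a usable prime."""
    body = _int((1 << (bits - 1)) | 1) + _int(2)
    der = b"\x30" + _len(len(body)) + body
    return f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n"

if __name__ == "__main__":
    for size in (1024, 2048):
        print(assess(dh_prime_bits(make_sample_pem(size))))
```

To check a real file, pass its contents to `dh_prime_bits`, for example `dh_prime_bits(open("dhparams.pem").read())`.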