dh key too small
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ADCH++ |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
When creating a new certificate, we use the script `linux/
It uses this command:
$ openssl dhparam -outform PEM -out dhparam.pem 1024
which mean "use a Diffie-Hellman key of 1024 bits"
Sadly, Logjam Attack occurs on DH key <=1024 bits.
In the way to "fix" that, debian software can't connect anymore on ADCS hub that have a DH key <=1024 bits.
See https:/
> If you run a server… [...] you should disable support for export cipher suites and use a 2048-bit Diffie-Hellman group.
You can so fix the issue by modifying
$ openssl dhparam -outform PEM -out dhparam.pem 1024
to
$ openssl dhparam -outform PEM -out dhparam.pem 2048
Cheers
Changed in adchpp: | |
status: | New → Fix Committed |
Related: https:/ /github. com/airdcpp- web/airdcpp- webclient/ issues/ 333