dh key too small

Bug #1850053 reported by Kcchouette
Affects: ADCH++ | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

When creating a new certificate, we use the script `linux/generate_certs.sh`
It uses this command:
 $ openssl dhparam -outform PEM -out dhparam.pem 1024
which means "use a Diffie-Hellman key of 1024 bits".

Sadly, the Logjam attack works on DH keys <= 1024 bits.
As a way to "fix" that, Debian software can no longer connect to ADCS hubs that have a DH key <= 1024 bits.

See https://weakdh.org/ for more security info, but tldr:
 > If you run a server… [...] you should disable support for export cipher suites and use a 2048-bit Diffie-Hellman group.

You can therefore fix the issue by changing
 $ openssl dhparam -outform PEM -out dhparam.pem 1024
to
 $ openssl dhparam -outform PEM -out dhparam.pem 2048

Cheers

Tags: dh openssl
Kcchouette (kcchouette) wrote :
information type: Private Security → Public Security
maksis (maksis) wrote :
Kcchouette (kcchouette) wrote :

Do not forget to update this part of your website as well: http://adchpp.sourceforge.net/user_guide/basic_guide.html#_setting_up_ports

 $ openssl dhparam -outform PEM -out dhparam.pem 1024
to
 $ openssl dhparam -outform PEM -out dhparam.pem 2048
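An added check for the problem described in the bug description and repeated in this comment (example code written here, not part of ADCH++ or its generate_certs.sh): it parses the PKCS#3 `DH PARAMETERS` structure that `openssl dhparam -outform PEM` writes (SEQUENCE { INTEGER p, INTEGER g }) and reports the modulus size, so an operator can audit an existing dhparam.pem without trusting the number that was passed on the command line. The two sample files are constructed here from placeholder moduli of the right size; they are not real safe primes.

```python
import base64
MIN_DH_BITS = 2048  # the weakdh.org recommendation quoted in the report

def _der_length(n):
    # Short form below 128, else 0x80|byte-count followed by the big-endian length
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_integer(value):
    # Positive INTEGER: minimal big-endian bytes, with a leading 0x00 if the top bit is set
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    body = (b"\x00" if body[0] & 0x80 else b"") + body
    return b"\x02" + _der_length(len(body)) + body

def encode_dh_params(p, g):
    """PEM 'DH PARAMETERS' block: SEQUENCE { INTEGER p, INTEGER g } (PKCS#3 DHParameter)."""
    der = _der_integer(p) + _der_integer(g)
    b64 = base64.b64encode(b"\x30" + _der_length(len(der)) + der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"

def _read_tlv(buf, pos):
    # Returns (tag, value, position after the element); handles long-form lengths
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the byte count of the real length
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + length], pos + length

def decode_dh_params(pem):
    """Parse a PEM DH PARAMETERS block and return (p, g)."""
    b64 = "".join(line.strip() for line in pem.splitlines() if not line.startswith("-----"))
    tag, seq, _ = _read_tlv(base64.b64decode(b64), 0)
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag != 0x30 or tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("not a PKCS#3 DHParameter structure")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

def check_dh_params(pem, minimum=MIN_DH_BITS):
    """Return (prime_bits, acceptable); acceptable is False for the group sizes Logjam targets."""
    bits = decode_dh_params(pem)[0].bit_length()
    return bits, bits >= minimum

# Constructed sample moduli (placeholders, not real safe primes; only their size matters here)
WEAK_PEM = encode_dh_params((1 << 1023) | 1, 2)   # 1024-bit group, as the old script produced
FIXED_PEM = encode_dh_params((1 << 2047) | 1, 2)  # 2048-bit group, as the fixed script produces
```

To audit a real file, pass the contents of dhparam.pem to `check_dh_params`; a result of `(1024, False)` means the hub still serves the group the report warns about.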

eMTee (realprogger)
Changed in adchpp:
status: New → Fix Committed
eMTee (realprogger) wrote :

Fixed in ADCH++ 3.0.0

Changed in adchpp:
status: Fix Committed → Fix Released