On 10.03.2015 at 17:16, Robert Paasche wrote:
Hi guys,

As requested by Chris, some explanation of the problem.

The problem is that openssl calls the method "SSL_callback_tmp_DH" with a keylen
value of 512 or 1024. This causes the cipher of the ssl handshake (key
exchange) for a ssl-connection to never be longer than 1024 bit, even if
the private key is longer (2048 bit and more are very common).

The needed changes to ensure that the used cipher has at least the length
of the private key are posted as a comment to the ticket
https://bz.apache.org/bugzilla/show_bug.cgi?id=56108

Explained code changes:

Get the private key:
   pkey = SSL_get_privatekey(ssl);
   type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;

If the encryption algorithm is either RSA or DSA we override the given
keylen parameter to match the length of the private key:
   keylen = EVP_PKEY_bits(pkey);

These changes ensure Perfect Forward Secrecy (PFS) for DH key exchange usage.

The changes are based on lines 1339 - 1357 of the following file of
mod_ssl:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?view=markup

A more detailed description of this problem can be found at:
http://security.stackexchange.com/a/42816

Some more data points: the change in httpd was introduced by

http://svn.apache.org/viewvc?view=revision&revision=1542327

in November. It is a backport to httpd 2.4 from trunk of the following 5 changes:

http://svn.apache.org/viewvc?view=revision&revision=1526168

http://svn.apache.org/viewvc?view=revision&revision=1527291

http://svn.apache.org/viewvc?view=revision&revision=1527294

http://svn.apache.org/viewvc?view=revision&revision=1527295

http://svn.apache.org/viewvc?view=revision&revision=1527926
(not relevant here)

The r1527295 change contains the following change which IMHO is the one in question:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?r1=1527295&r2=1527294&pathrev=1527295

Most of the other listed changes might be interesting as well.

Regards,

Rainer
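
The keylen override described in the quoted message, modelled without OpenSSL as an added example (not part of the original thread, and not tomcat-native or mod_ssl code). The `priv_key` struct, the `key_type` enum, the function names, the set of available DH groups and the 1024-bit floor are all assumptions made for illustration.

```c
/* Added illustration: models only the DH size decision, no OpenSSL calls.
 * Types, names and the group list below are assumptions, not project code. */
#include <stddef.h>

enum key_type { KEY_NONE, KEY_RSA, KEY_DSA, KEY_EC };  /* stand-in for EVP_PKEY types */

struct priv_key {          /* stand-in for EVP_PKEY */
    enum key_type type;
    int bits;              /* what EVP_PKEY_bits() would report */
};

/* DH group sizes assumed to be built into the server, ascending. */
static const int dh_groups[] = { 1024, 2048, 3072, 4096 };
#define N_GROUPS (sizeof dh_groups / sizeof dh_groups[0])

/* Largest available group not exceeding `want`, never below the smallest. */
static int pick_group(int want)
{
    int chosen = dh_groups[0];
    for (size_t i = 0; i < N_GROUPS; i++)
        if (dh_groups[i] <= want)
            chosen = dh_groups[i];
    return chosen;
}

/* Before the change: the callback honours the keylen OpenSSL passes in,
 * which the message says is only ever 512 or 1024. */
int dh_bits_before(const struct priv_key *pkey, int keylen)
{
    (void)pkey;            /* private key size is ignored */
    return keylen;
}

/* After the change: for RSA/DSA keys the requested keylen is replaced by
 * the private key size before a DH group is selected. */
int dh_bits_after(const struct priv_key *pkey, int keylen)
{
    enum key_type type = pkey ? pkey->type : KEY_NONE;

    if (type == KEY_RSA || type == KEY_DSA)
        keylen = pkey->bits;
    return pick_group(keylen);
}
```

With this group list, a key larger than the biggest available group (for example 8192 bit) still ends up with 4096-bit DH parameters, and keys that are neither RSA nor DSA keep the size derived from the requested keylen.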
