** Changed in: adchpp
Status: New => Fix Committed
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to ADCH++.
https://bugs.launchpad.net/bugs/1850053
Title:
dh key too small
Status in ADCH++:
Fix Committed
Bug description:
When creating a new certificate, we use the script `linux/generate_certs.sh`
It uses this command:
$ openssl dhparam -outform PEM -out dhparam.pem 1024
which mean "use a Diffie-Hellman key of 1024 bits"
Sadly, Logjam Attack occurs on DH key <=1024 bits.
In the way to "fix" that, debian software can't connect anymore on ADCS hub
that have a DH key <=1024 bits.
See https://weakdh.org/ for more security info, but tldr:
> If you run a server… [...] you should disable support for export cipher
suites and use a 2048-bit Diffie-Hellman group.
You can so fix the issue by modifying
$ openssl dhparam -outform PEM -out dhparam.pem 1024
to
$ openssl dhparam -outform PEM -out dhparam.pem 2048
Cheers
To manage notifications about this bug go to:
https://bugs.launchpad.net/adchpp/+bug/1850053/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~linuxdcpp-team
Post to : linuxdcpp-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~linuxdcpp-team
More help : https://help.launchpad.net/ListHelp
