ssl_dhparam compatibility issues?
rpaprocki at fearnothingproductions.net
Sat May 23 19:53:54 UTC 2015
You're entirely misunderstanding logjam.
The actual logjam attack refers to a flaw in the tls protocol that would allow mitm attackers to downgrade a connection to an export cipher. This is only possible if your server supports export-grade ciphers, which it should not if you're following mozillas guide.
Using a 1024 bit dh param does not "open you" to any attack. According to the authors of the freak/logjam disclosure, use of a common 1024 bit dh param potentially allows for threats from nation-state adversaries. If you've pissed off the NSA, forget about legacy comparability with java nonsense and use a custom 2048 (or higher) param. If you're paranoid about supporting grandmas java app, stick with the default.
On May 23, 2015, at 8:39, Grant <emailgrant at gmail.com> wrote:
>>> I'm using Mozilla's "Old backward compatibility" ssl_ciphers so I feel
>>> good about my compatibility there, but does the following open me up
>>> to potential compatibility problems:
>>> # openssl dhparam -out dhparams.pem 2048
>> DHE params larger than 1024 bits are not compatible with java 6/7 clients.
>> If you need compatibility with those clients, use a DHE of 1024 bits, or
>> disable DHE entirely.
> My server is open to the internet so I'd like to maintain
> compatibility with as many clients as possible, but I don't serve any
> java apps. Given that, will DHE params larger than 1024 bits affect
> my compatibility?
> If so, I believe a DHE of 1024 bits opens me to the LogJam attack, so
> if I disable DHE entirely will that affect my compatibility?
> - Grant
> nginx mailing list
> nginx at nginx.org
More information about the nginx