Use Ephemeral Diffie-Hellman Keys size of 1024 instead of 2048 #8
Comments
Hi @deleolajide, We talked about this in the OpenFire channel I seem to recall. I agree that enforcing high security levels for a public and publicly logged service like muc.xmpp.org is only of questionable benefit (which is also why I lowered the requirements for search.jabber.network in that regard). However, for two reasons I’d like to avoid lowering the limits:

For a rough idea about the risks of using a <2048 bit DH key see also the LogJam attack and related material. There are some common 1024 bit DH groups, and those may or may not be broken already. Using a custom 1024 bit DH group has the issue that it is hard to determine whether a group is secure or not. The trade-offs for well-known vs. random DH groups have been discussed for a while now, and AFAIK there is no clear winner. Note that once a DH group has been broken with Logjam, the attack is purely passive.

Transmitting better error messages would be desirable, but I’m afraid that is a problem with the TLS protocol which we cannot address here.

Note that this is not special to xmpp.org. Debian has raised the minimum DH key size to 2048 by default, system-wide, with the release of Debian buster.

Hence, I’m tempted to close as wontfix.
I'll try lowering the security level on

Though according to moparisthebest, the last Java version to only support 1024 DH was Java 7, EOL’d in 2015. I think this might be a problem with OpenFire defaults more than anything else.

I think this might not be a problem since a configuration change a while ago that made the server prefer ECDHE over plain DHE.

Although support for higher values has been added, the default values are lower. If I'm reading the JSSE reference right, then the default for Java 8 up until the most recent release to date (14) is to use 1024 bits.
xmpp.org went offline recently and came back online with the DH key size set to 2048. This caused federation with XMPP servers using a size of 1024 to fail.
In the case of Java-based XMPP servers like Openfire (which use a default value of 1024 inherited from the JVM), the error message received from xmpp.org was "handshake_failure" instead of "dh key size too small", and that made debugging difficult.
Unless there is a very compelling reason, can we please use the default 1024 instead of 2048?
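A way to see what a federation peer actually negotiates, as an added example that is not part of the issue thread and not code from xmpp.org or Openfire: it parses the "Server Temp Key:" line that openssl s_client prints for a TLS 1.2 handshake and judges the reported DH group size against the 2048-bit floor the thread discusses. It assumes OpenSSL 1.1.0 or newer (for `-starttls xmpp-server`), the server-to-server port 5269, and a peer that still offers a DHE suite when the client asks for DHE only; the host name is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the issue thread, from xmpp.org or from Openfire.
# Shows which ephemeral key exchange a TLS 1.2 server actually uses, taken from
# the "Server Temp Key:" line that openssl s_client prints, and judges it
# against the 2048-bit floor discussed in the issue.
#
# Assumptions: OpenSSL 1.1.0 or newer (for "-starttls xmpp-server"), the
# server-to-server port 5269, and a server that still offers a DHE suite when
# the client asks only for DHE. Host names below are placeholders.

# Read s_client output on stdin and print "<kind> <bits>", e.g. "DH 1024",
# "ECDH 256" or "X25519 253". Prints nothing if no temp key line is present
# (RSA key exchange, or the handshake never got that far).
temp_key_bits() {
    sed -n 's/^Server Temp Key: \([^,]*\),.* \([0-9][0-9]*\) bits.*/\1 \2/p' | head -n 1
}

# Probe a live server over the XMPP s2s STARTTLS path. Restricting the cipher
# list to DHE stops the server from picking ECDHE, so the DH group size is what
# gets reported; -tls1_2 keeps the exchange on the version where the server
# chooses the DH parameters itself rather than negotiating a TLS 1.3 group.
probe_dhe() {  # usage: probe_dhe HOST [PORT]
    host=$1
    port=${2:-5269}
    openssl s_client -connect "$host:$port" -starttls xmpp-server -tls1_2 \
        -cipher 'DHE:!ECDHE' </dev/null 2>/dev/null | temp_key_bits
}

# Judge a "<kind> <bits>" pair against a minimum (default 2048, the Debian
# buster and xmpp.org setting). Returns 0 when acceptable, 1 otherwise.
check_dh_size() {  # usage: check_dh_size KIND BITS [MIN]
    if [ $# -lt 2 ]; then
        echo "no temp key reported (no DHE/ECDHE suite, or handshake aborted)"
        return 1
    fi
    kind=$1
    bits=$2
    min=${3:-2048}
    case $kind in
        DH)
            if [ "$bits" -ge "$min" ]; then
                echo "ok: DH $bits bits (minimum $min)"
                return 0
            fi
            echo "too small: DH $bits bits (minimum $min); a peer enforcing $min bits will abort the handshake"
            return 1
            ;;
        *)
            # ECDHE or a TLS 1.3 key share: the finite-field DH floor does not apply.
            echo "no finite-field DH in use ($kind, $bits bits)"
            return 0
            ;;
    esac
}

# Constructed sample of s_client output for a server still on 1024-bit DHE
# (made up for this example, not captured from any real host).
SAMPLE_1024='New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Server Temp Key: DH, 1024 bits'

# Offline demonstration on the sample; the verdict exits non-zero.
sample_key=$(printf '%s\n' "$SAMPLE_1024" | temp_key_bits)   # "DH 1024"
check_dh_size $sample_key || :

# To test a real server instead:  check_dh_size $(probe_dhe s2s.example.org)
#
# On the Openfire/JVM side the offered size is governed by the JSSE system
# property jdk.tls.ephemeralDHKeySize, e.g. -Djdk.tls.ephemeralDHKeySize=2048
# on the JVM command line, so the Java server no longer offers 1024-bit groups.
```

The probe is the only part that touches the network; everything else runs on the constructed sample. When the Java side is the one failing, `-Djavax.net.debug=ssl:handshake` on the JVM prints the received alert and the server's DH parameters, which is the missing detail behind a bare "handshake_failure".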