New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable DS to offer weaker DH params in NSS #1858
Comments
Comment from msauton at 2016-04-19 11:14:32 typo about NSS version: this is about nss-3.2x the DHE related changes appeared in nss-3.20 (logjam and other) the proposed draft to negotiate the DHE params applies by design to the larger primes after the logjam fix so the newer API from nss-3.20 with SSL_EnableWeakDHEPrimeGroup and a new config knob to wrongly and intentionally allow the pre-logjam DHE "weak" parameters to till connect with legacy clients may be a solution in desperate cases. more references: |
Comment from msauton at 2016-04-19 11:22:30 example a failing connection in SSL/TLS handshake with "legacy" client and a RHEL 6.7 system updated from batch update 6 release of 2016-Mar-22, with nss-3.21.0-0.3.el6_7.x86_64 and nss-softokn-3.14.3-23.el6_7.x86_64 server Hello, 2K bits prime and public key size in DHE params, non negotiable in this TLS session:
client Hello, could only handle 1K max, unhappy:
|
Comment from firstyear (@Firstyear) at 2016-04-19 12:24:14 msauton: I don't understand what you have done or are attempting to show with this trace. Can you please clarify? I think the proper test is:
This will highlight that the correct fix is to make a tunable for DS, that will trigger a call to SSL_EnableWeakDHEPrimeGroup(). SSL_EnableWeakDHEPrimeGroup() allows NSS to use 1024 bit primes, rather than the default 2048 or higher. |
Comment from nhosoi (@nhosoi) at 2016-04-21 02:38:18 Replying to [comment:4 Firstyear]:
For 1.7.0, we could use this definition as proposed by German in https://bugzilla.redhat.com/show_bug.cgi?id=1327065#c18?
Java 7 relnotes: |
Comment from firstyear (@Firstyear) at 2016-04-21 09:39:23 attachment |
Comment from firstyear (@Firstyear) at 2016-04-21 09:39:31 attachment |
Comment from firstyear (@Firstyear) at 2016-04-21 09:40:09 I think there is a better way to detect the present of the SSL_EnableWeakDHEPrimeGroup() function, but I can't get AC_CHECK_FUNCs to work properly. |
Comment from nhosoi (@nhosoi) at 2016-04-22 00:28:27 So, we are having another patch for this improvement (line 142, 143)? Luckily, since we have more and better workarounds for Java 1.6 and 1.7 (https://bugzilla.redhat.com/show_bug.cgi?id=1327065#c28), we don't have to rush. Please take your time to figure it out. If "AC_CHECK_FUNCS([SSL_DHEGroupPrefSet SSL_EnableWeakDHEPrimeGroup])" does not work to trigger to set HAVE_WEAKDHGROUP, the version number of NSS (e.g., #if NSS_VMAJOR * 100 + NSS_VMINOR >= 320) could be used alternatively.
I guess these defines could be put in #ifdef HAVE_WEAKDHGROUP, as well. |
Comment from firstyear (@Firstyear) at 2016-04-22 03:54:16 I think that I like your NSS_VMAJOR option better. I'll implement that. No, I have them there because I leave the function def for get_allow_weak_dh_param as:
This way, if a mistake happens, the function is there and still works? Maybe this is unnecessary.
Because I made a mistake :) |
Comment from firstyear (@Firstyear) at 2016-04-22 04:20:40 Apply Noriko's and Rob's comments |
Comment from firstyear (@Firstyear) at 2016-04-22 04:20:51 Apply Noriko's and Rob's comments |
Comment from firstyear (@Firstyear) at 2016-04-22 04:58:11 Fixed broken patch. |
Comment from firstyear (@Firstyear) at 2016-04-22 05:35:29 Fix to move defines into HAVZE |
Comment from firstyear (@Firstyear) at 2016-04-26 06:18:24 commit 877ba5fe5da349557788b1e7897ea7bacb4666a5 |
Comment from firstyear (@Firstyear) at 2016-04-26 10:14:16 commit 696d4321de0985ad28e747fb0c4a84697d995d31 branch 389-ds-base-1.3.4 commit 2fe85773b3a53d524cb10453e0919e46226f270d branch 389-ds-base-1.2.11 commit 50910ac |
Comment from nhosoi (@nhosoi) at 2016-05-05 23:24:53 Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1333515 |
Comment from firstyear (@Firstyear) at 2017-02-11 23:12:52 Metadata Update from @Firstyear:
|
Cloned from Pagure issue: https://pagure.io/389-ds-base/issue/48798
Certain client applications, especially java may crash with the following:
This affects java 1.6.0 and 1.7.0.
When nss upgrades to 2.21, it enables DH in ciphers. By default the smallest DH param size is 2048 bits.
However, java 1.6.0 and 1.7.0 can only accept up to 1024 bit params.
DS should have the option, to set NSS to offer smaller (weaker) param sizes for compatibility with older clients.
The text was updated successfully, but these errors were encountered: