Stop recommending DHE, because of "dheater" vulnerability :CVE-2002-20001

[stardrift1]

These guys found a way to saturate the server CPU core to 100% using as little as 5 KB/s of incoming traffic. The pre-requisite is that the server supports DHE as the key exchange. Therefore, to avoid creating such a vulnerable configuration, I propose removing DHE from the SSL_DEFAULT_CIPHER_LIST or TLS_DEFAULT_CIPHERSUITES.

[stardrift1]

@mattcaswell as the test done by us, the "dheater" can make our openssl s_server Occupy 90% +CPU,is this normal？

[mattcaswell]

For reference see this issue which seems relevant:
mozilla/server-side-tls#299

Also see:
https://github.com/Balasys/dheater

The CVE record links to this academic paper (which dates from 2000) - in particular see section 5.7:
https://www.researchgate.net/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol

This probably requires some OTC consideration. My initial reaction is that there doesn't seem to be anything new here - other than the assignment of a CVE. (Although I'm a little confused by the "2002" year in the CVE number, even though this was only recently assigned).

Question for OTC: How should we respond to CVE-2002-20001?

[vdukhovni]

I didn't see anything in the paper to suggest that the DoS issue is specifically related to DHE and not ECDHE. Did I miss something?

[mattcaswell]

OTC: We will not change the default cipher list at this time.

[stardrift1]

OTC: We will not change the default cipher list at this time.
Is This mean that this CVE isn't a Vulnerability

[mattcaswell]

We do not consider this to be a vulnerability in OpenSSL.

[setharnold]

@mattcaswell jfyi many of the CVE CNAs will assign a CVE number where the year portion represents the earliest known public discussion of an issue.