Skip to content
This repository has been archived by the owner before Nov 9, 2022. It is now read-only.

Need to change to 2048 bit DH groups in TLS for notifications #229

Open
yaronyg opened this issue Oct 25, 2015 · 3 comments
Open

Need to change to 2048 bit DH groups in TLS for notifications #229

yaronyg opened this issue Oct 25, 2015 · 3 comments
Assignees
Milestone

Comments

@yaronyg
Copy link
Member

yaronyg commented Oct 25, 2015

Given the recent concerns over possible breaks of 1024 bit DH keys we need to make sure our openssl configuration for DHE_PSK_WITH_AES_256_GCM_SHA384 uses a 2048 bit DH key. Note that we don't currently appear to have the option to switch to ECDHE since OpenSSL doesn't appear to support it for PSK with AES_256_GCM.

@cicorias
Copy link
Member

cicorias commented Jan 14, 2016

@yaronyg let's call this one - "migrated to DH key usage on current port of prior Node PSK aged Pull Request - see this

@cicorias
Copy link
Member

cicorias commented Jan 14, 2016

@yarong 3 - 5 days, again w/ context switching the high side.

@yaronyg yaronyg removed this from the New Infra milestone Feb 19, 2016
@yaronyg yaronyg added this to the V1 milestone Aug 3, 2016
@yaronyg
Copy link
Member Author

yaronyg commented Aug 3, 2016

This is going first to @enricogior because we need to get support for the right ciphers in OpenSSL. Then we need to change our Node code to call them.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants