[TLS] Sending Custom DHE Parameters in TLS 1.3

Michael D'Errico <mike-list@pobox.com> Mon, 12 October 2020 16:36 UTC

Return-Path: <mike-list@pobox.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDB7A3A15A3 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2020 09:36:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pobox.com header.b=Dwpv3tbB; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=pbxfPygP
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZZy34VTRBXc5 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2020 09:36:36 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC2073A142E for <tls@ietf.org>; Mon, 12 Oct 2020 09:36:27 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id C47CE5C0079 for <tls@ietf.org>; Mon, 12 Oct 2020 12:36:26 -0400 (EDT)
Received: from imap21 ([10.202.2.71]) by compute4.internal (MEProxy); Mon, 12 Oct 2020 12:36:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pobox.com; h= mime-version:message-id:date:from:to:subject:content-type; s= fm1; bh=oj6FvKjwUM6Z0zgJd78Rk8FlUWXSldCKWpDk3pnXpHI=; b=Dwpv3tbB pFiKO5n0ribNIadpBYBTS7iz2sWwSrwgEw698LjhqjThxjYDAimnetB9f5O4InT/ CWYvphfQRPV+vnOVjcqzpXztfS4KGLBeeSIwY9Yv1H3Q4F4CmU4igWOe78wO64js YKRryitdkqqZfI5AqInMSt18GQt6Y861D6BtSbBxIXqjzSDhrpZSi8xk/K5VVSjq CIssJfDsUbi1sIEhhO69ZISqBcg4BSB7htFihetu1kQpAFY1l1kQ+iMOjEgemagn N351iEA2q9i1w+6yG52flES1y3wQwlOcuxQYJ2+lwLUDbxafKv1xM6ULO0irheLJ ddbswadBprp1Mw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=oj6FvKjwUM6Z0zgJd78Rk8FlUWXSl dCKWpDk3pnXpHI=; b=pbxfPygP8Qrht3kx3o7TIOeruxPgLAysP9ZXUWySNgGKe dpozmx0hMagHgHMoEBMLQLQIKs2rSRzzJbH9FSTvZYPXCsM81XdaUCLYLt2uGuko wZmUilYyr9A/famqNE2/IAZqgg4W6cASBC4XylgGpkK+ue9xJqPqO636NaBXWRjZ Ra/JEzcE5xZSGTAVUxZnYSHUM3Gswg6Cx4F2vMFudw4fK3ddg+1SETtf4aGyDUNv G4gsWlMNgcMIQ0LpO38btNK1PjtHhdKqEl24xVnvJT2AZ8/5j+MBNQoFolasXkcn nT4i7ldcnlWEeOnL7ObuNTtdgZLQr9RI4yifcqWTg==
X-ME-Sender: <xms:CoaEX2R-__6AMw2zNORRMNlgYDbmoSpjBeVlE9k9RYpaPiINVFzhfA> <xme:CoaEX7zEfKKuU4aWn5EoCyDGYZMas1MooE2KE-d1WZ5gZfh2BdyzrD2jDjurUP1ax 4YQsSducS4_AGeo5Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrheejgddutdegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfofhitghhrggvlhcuffdkgfhrrhhitghofdcuoehmihhkvgdq lhhishhtsehpohgsohigrdgtohhmqeenucggtffrrghtthgvrhhnpeethffgtddvieetle ehueevheduhfdtudeuueeikeeiheehfeefvdfgudffkeelieenucevlhhushhtvghrufhi iigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmihhkvgdqlhhishhtsehpohgsoh igrdgtohhm
X-ME-Proxy: <xmx:CoaEXz0EkaTkzMtTLA5mHB8jDM9oJkgEEnCdATrO36bWSZb_1hDSaQ> <xmx:CoaEXyAIrW4x4BI4fdAEOMTN1DWIFIRDgN6eSdhwpM3l2czQbmFaRg> <xmx:CoaEX_j5vA4GGYDxAPkXYGK13zJHrdBN5zR9irPdKrcBwjZ7R1Ur1w> <xmx:CoaEX6vRM3tWhaAijPU9Uf5HlLJjRiWKpZvKrjmy8xsc1xFdfny7WA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 9427A660069; Mon, 12 Oct 2020 12:36:17 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-407-g461656c-fm-20201004.001-g461656c6
Mime-Version: 1.0
Message-Id: <8f57527d-efba-4d03-a3e5-f0ee33463d56@www.fastmail.com>
Date: Mon, 12 Oct 2020 12:36:06 -0400
From: "Michael D'Errico" <mike-list@pobox.com>
To: "TLS List" <tls@ietf.org>
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/G23SbEpZjKJCtYRu_U9pqrKVEZE>
Subject: [TLS] Sending Custom DHE Parameters in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2020 16:36:38 -0000

Hi,

It appears that there may be a need to revert to the
old way of sending Diffie-Hellman parameters that
the server generates.  I see that TLS 1.3 removed
this capability*; is there any way to add it back?

Mike


*From RFC 8446:

- Other cryptographic improvements were made,
  including changing the RSA padding to use the RSA
  Probabilistic Signature Scheme (RSASSA-PSS), and
  the removal of compression, the Digital Signature
  Algorithm (DSA), and custom Ephemeral Diffie-
  Hellman (DHE) groups.