Re: [TLS] draft-sheffer-tls-bcp: DH recommendations

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 22 September 2013 05:34 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA6DE21F9BF3 for <tls@ietfa.amsl.com>; Sat, 21 Sep 2013 22:34:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.435
X-Spam-Level:
X-Spam-Status: No, score=-102.435 tagged_above=-999 required=5 tests=[AWL=0.164, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ooyjaU-NHEQ5 for <tls@ietfa.amsl.com>; Sat, 21 Sep 2013 22:34:29 -0700 (PDT)
Received: from mail-ee0-x231.google.com (mail-ee0-x231.google.com [IPv6:2a00:1450:4013:c00::231]) by ietfa.amsl.com (Postfix) with ESMTP id 0B65A21F9BF1 for <tls@ietf.org>; Sat, 21 Sep 2013 22:34:25 -0700 (PDT)
Received: by mail-ee0-f49.google.com with SMTP id d41so1021426eek.22 for <tls@ietf.org>; Sat, 21 Sep 2013 22:34:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=hiT2uWFJH5cMhtEsGsFBkVksB+3w3eIdnmvZRS1QeHE=; b=zpK1RYZoa+HYBU0itLfxuU6rWau0wrru0WdSFOMj3B8HA9goeEVSMlli0tFv9balOX /Awim9I9QStUWI7ohkKn3By6+vVfPrVcTq9lcP/hp7nYOSNuryZSBIBL/kTuw30f6ulQ gnWM34l1UwbMNwN6PNZh4n2mffO9P1ttivpLEFmTaiSGZ8RXW1O8wtlxtg0KBUp6cGk8 6ENbaHVwQsJR9u0sPmg4to/sNxSAR+T7ZK2TlxHLZ54EYziSTjaJ+e79ghdHwLVHJpNM i/9NkqPtDDY/VxWkgJS1/FS2r56UwpepkC8VtwEz9h9nhRc2gOv7FVmTBuY11jAHVL2Q cG8A==
X-Received: by 10.14.210.8 with SMTP id t8mr24760934eeo.39.1379828065196; Sat, 21 Sep 2013 22:34:25 -0700 (PDT)
Received: from [10.0.0.8] ([109.64.175.213]) by mx.google.com with ESMTPSA id a43sm31692748eep.9.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 21 Sep 2013 22:34:24 -0700 (PDT)
Message-ID: <523E815E.8080902@gmail.com>
Date: Sun, 22 Sep 2013 08:34:22 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: Yoav Nir <ynir@checkpoint.com>
References: <9A043F3CF02CD34C8E74AC1594475C735567407D@uxcn10-6.UoA.auckland.ac.nz> <A3161699-0975-403C-B9C1-8BE548062949@mac.com> <523DCC5D.9040707@pobox.com> <523E2F56.9040307@funwithsoftware.org> <3E26A3FE-2491-4D48-BBE9-A11B995CD28D@checkpoint.com>
In-Reply-To: <3E26A3FE-2491-4D48-BBE9-A11B995CD28D@checkpoint.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Patrick Pelletier <code@funwithsoftware.org>, "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] draft-sheffer-tls-bcp: DH recommendations
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Sep 2013 05:34:29 -0000

It's not "only" Java, it's Windows (Internet Explorer), too. See 
http://blog.ivanristic.com/2013/08/increasing-dhe-strength-on-apache.html, 
last paragraph.

Thanks,
	Yaron

On 09/22/2013 07:00 AM, Yoav Nir wrote:
>
> On Sep 22, 2013, at 2:44 AM, Patrick Pelletier <code@funwithsoftware.org> wrote:
>
>> On 9/21/13 9:42 AM, Michael D'Errico wrote:
>>
>>> The problem is that there apparently is lots of TLS code which can only
>>> handle
>>> 1024-bit DH parameters and would break if a server sent larger parameters.
>>
>> Doesn't this "lots of TLS code" boil down to just Java?  That's the only implementation I've heard of that supports DHE_RSA but chokes on 2048 DH.  Is there another?
>
> There's also Apache, the most common web server on the web, that doesn't have configuration parameters for EDH key lengths, and tells OpenSSL to use 1024 bits.
>