Re: [TLS] Sending Custom DHE Parameters in TLS 1.3

Peter Gutmann <> Mon, 12 October 2020 23:42 UTC

From: Peter Gutmann <>
To: Ilari Liusvaara <>, Michael D'Errico <>
CC: TLS List <>
Thread-Topic: [TLS] Sending Custom DHE Parameters in TLS 1.3
Date: Mon, 12 Oct 2020 23:41:59 +0000
Message-ID: <>
References: <>, <20201012172852.GA2560734@LK-Perkele-VII>
In-Reply-To: <20201012172852.GA2560734@LK-Perkele-VII>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

Ilari Liusvaara <> writes:

>The Diffie-Hellman support in TLS 1.2 is severely broken. There is no way to
>use it safely on client side. This has led to e.g., all the web browsers to
>remove support for it.

It's actually pretty simple: don't use toy key sizes.  Many implementations
were never vulnerable to Logjam et al because they applied the simple measure
of... not using toy key sizes.

>There is no way to ensure that the parameters sent are not totally broken,

This requires that the server that you're connecting to is malicious.  If
you're connecting to a malicious server then you've got bigger things to worry
about than what they set g to.

>This has led to e.g., all the web browsers to remove support for it.

Because throwing out the baby with the bathwater and jumping on the next shiny
thing that comes along every time someone points out a problem seems to be a
requirement for crypto protocol implementers.
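The two positions in the exchange above, refusing toy key sizes outright and checking that a server-supplied group is actually well formed, can both be enforced on the client. The following is an added example written for this page, not code from the thread or from any TLS implementation: it validates TLS 1.2 style ServerKeyExchange DHE parameters (p, g, Ys) by rejecting p below 2048 bits, requiring p to be a safe prime, and applying the peer public-key check RFC 7919 describes (1 < Ys < p-1 and Ys^q = 1 mod p). The Miller-Rabin routine and the derivation of the RFC 7919 ffdhe2048 prime from its Appendix A formula are assumptions of this example; the 512-bit "toy" parameters and the sample exponent are constructed here for illustration.

```python
"""Client-side validation of server-supplied finite-field DHE parameters.

Added example, not part of the mailing-list thread.  Assumptions: the
Miller-Rabin test and the ffdhe2048 derivation below are written for this
example (the formula is the one given in RFC 7919 Appendix A); the toy
parameters used in the demo are constructed, not taken from any real server.
"""
import secrets

MIN_P_BITS = 2048  # below this a DHE group is a "toy key size" today


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; 32 rounds bound the error by 4**-32."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)        # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                        # composite witness found
    return True


def ffdhe2048_prime() -> int:
    """Derive RFC 7919 ffdhe2048 from its Appendix A formula:
    p = 2^2048 - 2^1984 + (floor(2^1918 * e) + 560316) * 2^64 - 1.
    floor(2^1918 * e) is summed exactly from e = sum(1/k!) with 64 guard bits;
    the truncation error of the series is far below one unit of the result."""
    guard = 64
    term = 1 << (1918 + guard)                  # 2^1918 * 2^guard / 0!
    total, k = 0, 0
    while term:
        total += term
        k += 1
        term //= k                              # next term: previous / k
    e_scaled = total >> guard                   # floor(2^1918 * e)
    return (1 << 2048) - (1 << 1984) + ((e_scaled + 560316) << 64) - 1


def validate_dhe_params(p: int, g: int, ys: int,
                        min_bits: int = MIN_P_BITS) -> tuple[bool, str]:
    """Return (ok, reason) for a server-supplied DHE group and public value.

    Order matters: the cheap size check runs first so a toy group is refused
    before any expensive primality testing is done on attacker-chosen input.
    """
    if p.bit_length() < min_bits:
        return False, f"p is only {p.bit_length()} bits (< {min_bits})"
    if not is_probable_prime(p):
        return False, "p is not prime"
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False, "p is not a safe prime ((p-1)/2 is not prime)"
    if not 2 <= g <= p - 2:
        return False, "g out of range"
    if not 2 <= ys <= p - 2:
        return False, "server public value out of range"
    # For a safe prime the subgroup orders are 1, 2, q and 2q; ys^q == 1
    # confirms ys lies in the order-q subgroup (RFC 7919 peer key check).
    if pow(ys, q, p) != 1:
        return False, "server public value not in the order-q subgroup"
    return True, "ok"


if __name__ == "__main__":
    p = ffdhe2048_prime()
    x = 0x5EED5EED5EED5EED                    # constructed sample exponent
    print(validate_dhe_params(p, 2, pow(2, x, p)))                # accepted
    print(validate_dhe_params((1 << 511) | 1, 2, 5))              # toy size
    print(validate_dhe_params(p, 2, p - pow(2, x, p)))            # wrong subgroup
```

Running the module prints one accepted result for the RFC 7919 group and two rejections: the constructed 512-bit modulus is refused on size alone, and a public value in the wrong subgroup is refused even though the group itself is fine. The size check is placed first deliberately, so that a client never spends primality-testing time on a group it would reject anyway.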