On 19/07/2016 11:16, Bogdan Harjoc wrote:
When connecting to a TLS1.2 webserver that uses a weak 512 bit DH key,
I noticed that browsers select
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(chrome, firefox)
and openssl due to the ciphers list selects
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
openssl s_client -connect 112.175.90.160:443 -cipher
DEFAULT
:!EDH-RSA-DES-CBC3-SHA
:!DHE-RSA-AES128-GCM-SHA256
:!DHE-RSA-AES256-GCM-SHA384
:!DHE-RSA-AES128-SHA256
:!DHE-RSA-AES128-SHA
:!DHE-RSA-AES256-SHA256
:!DHE-RSA-AES256-SHA
:-ECDH
:-EXPORT:-DES:-SEED:-RC4:-PSK:-IDEA
:ECDHE-RSA-AES128-SHA
The error is: dh key too small:.\ssl\s3_clnt.c:3424.
From a client that uses openssl libs, what would the correct
workaround be ? Try to figure out that the DH key is too small and
retry with the DHE ciphers disabled ? Or reorder the ciphers ? Given
that cipher order can lead to failed handshakes, is there a correct
order for https clients ?
I am not sure, but I guess those browsers default to listing ECDHE
before EDHE, thus never notices the weak DH group parameters (not
key, OpenSSL error message is misleading).
You could try testing those particular versions of chrome and firefox
against https://www.ssllabs.com/ssltest/viewMyClient.html to see what
their cipher list is.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
