Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-22 Thread Salz, Rich
> We have cryptographic accelerators on cavium platforms which minimize CPU > usage. So our customers are looking for 16K support. Well, sorry, but by default most other sides won't be able to use them. Not sure anything else to say. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-22 Thread Erwann Abalea
Bonjour, Le 22 juil. 2016 à 08:44, Gupta, Saurabh > a écrit : 1: I didn't get it, Why this behaviour is not coming for other ciphers while doing the server/client handshake? It should fail for other ciphers also. Ciphers: working

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-22 Thread Gupta, Saurabh
> The DoS issue is still there. How can you prevent the "other side" from > consuming all your CPU with a large key? > Who needs 16K RSA keys, such that openssl by default should support that for > everyone? We have cryptographic accelerators on cavium platforms which minimize CPU usage. So

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-22 Thread Salz, Rich
> 2: if anyway I want to use 16k modulus, Do we have solution to avoid this > issue so that it won't harm to other application or create any new attack? No. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-22 Thread Gupta, Saurabh
1: I didn't get it, Why this behaviour is not coming for other ciphers while doing the server/client handshake? It should fail for other ciphers also. Ciphers: working DHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 .. etc Ciphers: Not working AES128-SHA AES256-SHA .. etc

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Salz, Rich
> Wait, is OpenSSL "sanity checking" a message size dictated by the same ends > local configuration against a fixed arbitrary limit rather than a limit > computed > from that local configuration? Yup. Call it a limitation of C, if you want. "#define MAX_..." is just too hard to avoid. It

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Jakob Bohm
On 21/07/2016 17:28, Salz, Rich wrote: Again, I’m not saying using a 16kRSA key is a good idea. It’s not a good idea, one should really consider ECC instead (both for performance and network reasons). But keeping this 2048 bytes limit is not a security decision. It’s the result of a trade-off

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Salz, Rich
> Again, I’m not saying using a 16kRSA key is a good idea. It’s not a good idea, > one should really consider ECC instead (both for performance and network > reasons). But keeping this 2048 bytes limit is not a security decision. It’s > the > result of a trade-off choice, right. And that doesn't

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Erwann Abalea
> Le 21 juil. 2016 à 15:08, Salz, Rich a écrit : > >> By raising the limit, you don’t suddenly put every application at risk of a >> DoS, >> because these applications won’t suddenly use a 16k RSA key. > > Yes we do, because the other side could send a key, not local config.

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Salz, Rich
> Instead of raising the limit of client key exchange message length more than > 2048, why can't we add the > "ssl3_check_client_hello" functionality in the ssl/s3_srvr.c because that > will "permit appropriate message length". The DoS issue is still there. How can you prevent the "other

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Gupta, Saurabh
sl software failure for RSA 16K modulus (Salz, Rich) -- Message: 1 Date: Thu, 21 Jul 2016 12:15:15 + From: "Salz, Rich" <rs...@akamai.com> To: "openssl-users@openssl.org" <openssl-users@openssl.org> Subject:

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Salz, Rich
>By raising the limit, you don’t suddenly put every application at risk of a >DoS, > because these applications won’t suddenly use a 16k RSA key. Yes we do, because the other side could send a key, not local config. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Erwann Abalea
> Le 21 juil. 2016 à 14:17, Salz, Rich a écrit : > >> We have to make trade-offs. Who uses a 16K RSA key? > > Let me add some clarification. Is it worth putting every application that > uses OpenSSL at risk for a DoS attack with a 16K RSA key? By raising the limit, you

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Salz, Rich
> We have to make trade-offs. Who uses a 16K RSA key? Let me add some clarification. Is it worth putting every application that uses OpenSSL at risk for a DoS attack with a 16K RSA key? -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz -- openssl-users

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Salz, Rich
> Largest accepted client key exchange message length seems to be set to 2048 > bytes. > Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes > of pure crypto payload, plus a few bytes of overhead). > OpenSSL is too conservative here. Why not use an ECC key? We have

Re: [openssl-users] Openssl software failure for RSA 16K modulus

2016-07-21 Thread Erwann Abalea
Largest accepted client key exchange message length seems to be set to 2048 bytes. Key exchange for an RSA16k is slightly larger than that (exactly 2048 bytes of pure crypto payload, plus a few bytes of overhead). OpenSSL is too conservative here. Cordialement, Erwann Abalea Le 21 juil. 2016