On Saturday, 24 December 2016 02:15:35 UTC+1, Yuhong Bao wrote:
> AFAIK one of the reasons DHE was dropped was that 1024-bit DHE was common. 
> Java used to hardcode 768-bit DHE.

This is a good point.

Nevertheless, when using DHE, I have always done so with DH params I have 
generated myself with sufficient key length. It didn't take much time to find 
out how to do that and how to make Apache use these params. No modifications of 
my favorite Linux distribution's Apache or OpenSSL were needed to do that.

In contrast, I am trying to make Apache and OpenSSL run with ECDHE and curve 
25519 for nearly two days now without success. I have to modify a central, 
security-critical component of the system in question (OpenSSL) by downloading 
the sources, compiling myself and replacing my system's OpenSSL (or possibly I 
have to run both versions in parallel due to some weird dependencies). 

Consequently, in the near future, I can't rely on the security updates for my 
distribution, but will have to monitor OpenSSL advisories myself, and if there 
is a problem, I will have to fix it myself - redownload, reconfigure, 
recompile, reinstall, possibly fight with the dependencies again, and so on. 
No, I really didn't want to become the maintainer of my own OpenSSL package ...

I had some private communication with a very helpful and experienced person in 
the meantime, and he detailed to me that no Linux distribution (possibly with 
one exception) uses an OpenSSL version which supports X25519. Furthermore, the 
OpenSSL versions which claim to support 25519 seem to be buggy / broken 
(openssl ecparam -list_curves does not show 25519 although it is claimed to be 
there; tested with OpenSSL 1.1.0c yesterday).

So, comparing the hassle with ECs to the hassle I had with generating safe DH 
params, the latter one has been ridiculously easy. Therefore, I regret the 
community's policy of giving up DHE.

But I have understood that I have to accept that policy, and I won't complain 
any more. The only thing I can do now is to try to make 25519 work.

Thank you very much,

Binarus
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
