Hi Remi,

On Thu, May 21, 2015 at 06:07:34PM +0200, Remi Gacogne wrote:
> In the default configuration, Haproxy uses a 1024-bit DH key generated
> from the second Oakley group [2] for Diffie-Hellman Ephemeral (DHE) key
> exchange. This group is widely used, and is likely to be the first
> target for pre-computation by an adversary with large enough computing
> capabilities. I would advise using instead a 2048-bit key generated from
> the MODP group 14, by setting the tune.ssl.default-dh-param parameter to
> 2048, or even disabling DHE altogether if you are expecting every client
> to support ECDHE key exchange. Note that increasing the
> tune.ssl.default-dh-param will increase the CPU load on your server, and
> may therefore increase the connection establishment latency.

That makes me think about something, as you advocated a long time ago
for increasing the dh-param default size. Do you think we should take
the opportunity of 1.6 to increase the default size? It will use more
CPUs for people who migrate from 1.5 only, and such people are expected
to run tests during the migration anyway so they should not be surprised.

> If you cannot increase the DH key size above 1024-bit, please at least
> generate a custom DH group with the "openssl dhparam 2048" command, and
> add the result of this command to your certificate file.

Does that improve the situation regarding the CPU usage? I must confess
this is still very cryptic to me (no pun intended).

Thanks!
Willy
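
An added example to go with the two settings Remi mentions (this is not code from the thread or from HAProxy itself): a small Python audit that reports the effective DHE group size for an HAProxy 1.5 deployment, reading `tune.ssl.default-dh-param` from the configuration and, when a `DH PARAMETERS` block has been appended to the certificate PEM with `openssl dhparam`, decoding its DER to measure the prime. It assumes the behaviour described in the thread and in HAProxy's documentation: a 1024-bit fallback when the tunable is absent, and an embedded group taking precedence over the tunable; it ignores HAProxy's additional cap against the RSA key size. The `encode_dh_params_pem` helper exists only to construct sample input offline; the numbers it encodes are not primes and must not be used as a real group.

```python
"""Audit HAProxy DHE settings: tune.ssl.default-dh-param in the config and the
size of any DH group embedded in a certificate PEM file (added example)."""
import base64
import re

# Assumption from the thread: HAProxy 1.5 uses a 1024-bit group when the
# directive is absent. 2048 is the size Remi recommends as a minimum.
DEFAULT_DH_BITS = 1024
MINIMUM_DH_BITS = 2048

DH_PARAM_RE = re.compile(r"^\s*tune\.ssl\.default-dh-param\s+(\d+)", re.M)
PEM_DH_RE = re.compile(
    r"-----BEGIN DH PARAMETERS-----\s*(.*?)\s*-----END DH PARAMETERS-----", re.S)


def configured_dh_bits(config_text: str) -> int:
    """Effective default-dh-param size: explicit value, else the 1024-bit fallback."""
    m = DH_PARAM_RE.search(config_text)
    return int(m.group(1)) if m else DEFAULT_DH_BITS


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form (0x80 | count, then bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v: int) -> bytes:
    """DER INTEGER: minimal big-endian bytes, with a leading 0x00 if the top bit is set."""
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params_pem(p: int, g: int) -> str:
    """Build a PEM 'DH PARAMETERS' block (SEQUENCE { p INTEGER, g INTEGER }).
    Only used to construct sample input here; real groups come from openssl dhparam."""
    seq = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(seq)) + seq
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines)
            + "\n-----END DH PARAMETERS-----\n")


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def embedded_dh_prime_bits(pem_text: str):
    """Bit length of the prime p in an embedded DH PARAMETERS block, or None if absent."""
    m = PEM_DH_RE.search(pem_text)
    if not m:
        return None
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("DH PARAMETERS is not a SEQUENCE")
    tag, p_bytes, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("first element of DH PARAMETERS is not an INTEGER")
    return int.from_bytes(p_bytes, "big").bit_length()


def audit(config_text: str, pem_text: str, minimum: int = MINIMUM_DH_BITS) -> dict:
    """An embedded group wins over the tunable (assumed, per HAProxy docs);
    otherwise the tunable (or the 1024-bit fallback) is what DHE will use."""
    configured = configured_dh_bits(config_text)
    embedded = embedded_dh_prime_bits(pem_text)
    effective = embedded if embedded is not None else configured
    return {"configured_bits": configured, "embedded_bits": embedded,
            "effective_bits": effective, "ok": effective >= minimum}


# Constructed sample inputs (no real keys, no real deployment).
SAMPLE_CONFIG_OLD = "global\n    maxconn 2000\n"
SAMPLE_CONFIG_NEW = "global\n    tune.ssl.default-dh-param 2048\n"
# A made-up 2048-bit odd number stands in for a prime; it only exercises the parser.
SAMPLE_PEM_WITH_DH = ("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n"
                      "-----END CERTIFICATE-----\n"
                      + encode_dh_params_pem((1 << 2047) | 1, 2))

if __name__ == "__main__":
    for name, cfg, pem in [("1.5 defaults", SAMPLE_CONFIG_OLD, ""),
                           ("tunable 2048", SAMPLE_CONFIG_NEW, ""),
                           ("group in PEM", SAMPLE_CONFIG_OLD, SAMPLE_PEM_WITH_DH)]:
        print(name, audit(cfg, pem))
```

Running the script prints one line per scenario: the untouched 1.5 configuration reports 1024 bits and fails the 2048-bit minimum, while either raising the tunable or appending a 2048-bit group to the PEM passes.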

