Hi Shawn,

On Thu, Jun 04, 2015 at 03:24:19PM -0600, Shawn Heisey wrote:
> On 6/4/2015 9:54 AM, Willy Tarreau wrote:
> > I simply used "openssl dhparam <size>" as suggested, and am trusting
> > openssl to provide something reasonably safe since this is how every user
> > builds their own dhparam when they don't want to use the initial one.
> 
> I've been trying to read up on this vulnerability and how to prevent it.
>  I admit that I'm having a hard time grasping everything.

Welcome :-)  That said, Rémi has provided a very good overview in another
thread last week.

> I decided to look for HOWTO information on mitigating the problem
> instead of trying to understand it.  I found a preferred cipher list to
> use with haproxy, and the rest of the info I *think* can be summarized
> as "create a new dhparam of 2048 bits with openssl and append it to each
> PEM certificate file."
> 
> https://weakdh.org/sysadmin.html#haproxy
> 
> Is that right?  If not, what exactly should I be doing?

Yes, that's it. If I understood Rémi's explanation correctly, DHE is not supposed
to be used a lot since most browsers support ECDHE, but a few clients will
have to use DHE. It's possible to disable DHE but then it's worse than no
DHE at all (no perfect forward secrecy).

Also, if for you 2048 bits induce too high a CPU usage, you can fall back
to 1024 with a dhparam that you generate yourself, but it's not recommended
for the long term.

Regards,
Willy
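
An added example, not part of the original thread: a Python check that a PEM file built as described above (certificate with an `openssl dhparam` block appended) really carries DH parameters of at least 2048 bits. The function names and the `sample_pem` input are constructed for illustration, and the sample modulus is not a real prime.

```python
import base64, re, sys
DH_BLOCK = re.compile(  # PEM block written by `openssl dhparam <size>`
    r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)

def _read_len(der, i):
    """Decode the DER length at offset i; return (length, content offset)."""
    if der[i] < 0x80:
        return der[i], i + 1
    n = der[i] & 0x7F
    return int.from_bytes(der[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_prime_bits(pem_text):
    """Bit length of the DH prime appended to a PEM file, or None if absent."""
    m = DH_BLOCK.search(pem_text)
    if not m:
        return None
    der = base64.b64decode("".join(m.group(1).split()))
    if der[0] != 0x30:                     # SEQUENCE { prime, generator }
        raise ValueError("DH block is not a DER SEQUENCE")
    _, i = _read_len(der, 1)
    if der[i] != 0x02:                     # first field: INTEGER prime
        raise ValueError("expected INTEGER for the prime")
    n, i = _read_len(der, i + 1)
    return int.from_bytes(der[i:i + n], "big").bit_length()

def audit(pem_text, minimum=2048):
    """Classify a PEM file: 'missing', 'weak' (< minimum bits) or 'ok'."""
    bits = dh_prime_bits(pem_text)
    if bits is None:
        return "missing"
    return "ok" if bits >= minimum else "weak"

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def sample_pem(bits):
    """Constructed input: the modulus is NOT a real prime, only its size is."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    body = b"\x02" + _der_len(len(p)) + p + b"\x02\x01\x02"   # p, then g = 2
    b64 = base64.encodebytes(b"\x30" + _der_len(len(body)) + body).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:              # e.g. each PEM file haproxy loads
        with open(path) as fh:
            print(path, audit(fh.read()))
```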

