Re: [openssl-dev] A question DH parameter generation and usage

2017-12-05 Thread Paul Yang
For DHE_RSA, you first need a pair of RSA certificate/key for signing. And 
if you want to use specific DH parameters, you can use the SSL_CTX_set_tmp_dh 
API; there is documentation describing how to use this function.

DH parameters could be generated by OpenSSL in many ways; one of the common 
ways is by using the openssl-dhparam command line tool. Check the -help option 
of that command.

BTW: seems this email should be sent to openssl-users list only...

> On 6 Dec 2017, at 14:02, Jayalakshmi bhat wrote:
> 
> Hi,
> 
> We are planning to use DHE_RSA TLS ciphers in our product. I have a few 
> questions on using DH parameters. We would like to use DH-2048.
> 
> Our product includes both TLS client and server applications. Thus at any time 
> there will be a considerable number of active connections.
> 
> I believe we can use the same DH parameter for all the server connections. Is my 
> understanding correct? Is there any risk in using the same parameter for all the 
> server connections?
> 
> Another question is what guidelines/document should be followed to derive 
> the DH parameter.
> 
> Any input is appreciated.
> 
> Thanks and Regards
> Jayalakshmi.
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev



-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


[openssl-dev] ECC ciphers in OpenSSL and Citricom Patent/License terms

2017-12-05 Thread Jayalakshmi bhat
Hi,

I have a question on ECC ciphers implementation in OpenSSL. I do see
README.ECC file in FIPS certified OpenSSL crypto library. That says The
OpenSSL Software Foundation has executed a sublicense agreement
entitled "Elliptic Curve Cryptography Patent License Agreement" with the
National Security Agency/ Central Security Service Commercial Solutions
Center (NCSC) dated 2010-11-04.

However OpenSSL library does not include this file. Does it mean that to use
ECC ciphers from OpenSSL the end user needs to get the license from
Citricom?

Thanks and Regards
Jayalakshmi


[openssl-dev] A question DH parameter generation and usage

2017-12-05 Thread Jayalakshmi bhat
Hi,

We are planning to use DHE_RSA TLS ciphers in our product. I have a few
questions on using DH parameters. We would like to use DH-2048.

Our product includes both TLS client and server applications. Thus at any time
there will be a considerable number of active connections.

I believe we can use the same DH parameter for all the server connections. Is
my understanding correct? Is there any risk in using the same parameter for all
the server connections?

Another question is what guidelines/document should be followed to
derive the DH parameter.

Any input is appreciated.

Thanks and Regards
Jayalakshmi.


Re: [openssl-dev] frequency and size of heartbeat requests

2017-12-05 Thread Hanno Böck
On Tue, 5 Dec 2017 19:14:41 + (UTC)
Jitendra Lulla via openssl-dev wrote:

> Could the solution be a restricted count of HB requests along with a
> timer? 

No, the solution is to disable TLS heartbeats.
I actually wanted to bring this up when I recently noticed that OpenSSL
still enables the heartbeat extension by default in every clienthello
it sends.

In the whole Heartbleed aftermath nobody was ever able to tell me where
TLS Heartbeats are used. It's a feature in order to have a feature.


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42


Re: [openssl-dev] frequency and size of heartbeat requests

2017-12-05 Thread Salz, Rich via openssl-dev
The purpose of the HEARTBEAT message is for DTLS applications to determine the 
maximum packet size and tune the application records accordingly. There is 
never any reason to use this in TCP-based TLS; that was an OpenSSL bug that 
enabled it there.

The usefulness of HEARTBEAT even in DTLS is probably pretty small and it is 
probably safer to just turn it off. Spending time and code to “protect it” is 
probably not worth the effort.



[openssl-dev] frequency and size of heartbeat requests

2017-12-05 Thread Jitendra Lulla via openssl-dev
Hi,

With an "intentionally corrupted" tls1_heartbeat() in OpenSSL 1.0.2l, heartbeat 
requests with big payloads such as 16300 or slightly more can be 
repeatedly sent to the server.

The server religiously responds back with such big payloads after spending its 
CPU on encrypting/HMAC computing on the payload in the heartbeat response 
messages.

I confirmed the above with s_server/s_client.

The RFC doesn't say anything about this possible exploit/DOS attack.
The RFC also allows such big payloads. 

While such payloads might be meeting some requirement (PMTU computation?), 
the frequency of such big messages (continuous repeats) must certainly be 
controlled.

I see that this extn is disabled in openssl-master but I could see that some 
servers (eg yahoo) do respond to heartbeat requests which means that they are 
running some ssl implementation (probably Openssl) which is vulnerable to 
continuous repeated big HB requests.


Is the problem mentioned above a problem indeed, or am I missing something?

Could the solution be a restricted count of HB requests along with a timer? 

Thanks
Jitendra 



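The traffic pattern discussed in this thread is visible from the network without decrypting anything, because in TLS 1.2 and earlier the record header carries the content type (24 for heartbeat, RFC 6520) in the clear. The following is an added example, not code from the thread or from OpenSSL: the function names, the alert thresholds and the sample bytes are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CT_HEARTBEAT 24              /* record content type, RFC 6520 */
#define MAX_RECORD   (16384 + 2048)  /* TLS 1.2 ciphertext length limit */
struct hb_stats { unsigned records, heartbeats; size_t hb_bytes; int malformed; };

/* Walk the record headers of one direction of a captured TLS stream. Only the
 * 5-byte cleartext header (type, version, length) is read, so no keys are needed. */
struct hb_stats scan_records(const uint8_t *buf, size_t len) {
    struct hb_stats s = {0, 0, 0, 0};
    size_t off = 0;
    while (len - off >= 5) {
        size_t rec = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (buf[off + 1] != 3 || rec > MAX_RECORD) { s.malformed = 1; break; }
        if (rec > len - off - 5) break;            /* capture ends mid-record */
        s.records++;
        if (buf[off] == CT_HEARTBEAT) { s.heartbeats++; s.hb_bytes += rec; }
        off += 5 + rec;
    }
    return s;
}

/* Alert when one capture window exceeds locally chosen limits (assumed policy). */
int hb_suspicious(const struct hb_stats *s, unsigned max_hb, size_t max_bytes) {
    return s->heartbeats > max_hb || s->hb_bytes > max_bytes;
}

/* Constructed sample: one application-data record (type 23), then three
 * heartbeat records sized for a 16300-byte payload (1 + 2 + 16300 + 16). */
static uint8_t sample[65536];
size_t build_sample(void) {
    const size_t lens[4] = {120, 16319, 16319, 16319};
    size_t off = 0;
    for (int i = 0; i < 4; i++) {
        uint8_t hdr[5] = { i ? CT_HEARTBEAT : 23, 3, 3,
                           (uint8_t)(lens[i] >> 8), (uint8_t)lens[i] };
        memcpy(sample + off, hdr, 5);   /* body stays zero-filled */
        off += 5 + lens[i];
    }
    return off;
}

int main(void) {
    struct hb_stats s = scan_records(sample, build_sample());
    printf("records=%u heartbeats=%u hb_bytes=%zu alert=%d\n",
           s.records, s.heartbeats, s.hb_bytes, hb_suspicious(&s, 2, 32768));
    return 0;
}
```

On real captures the record lengths include MAC and padding overhead, so byte thresholds should be set against observed traffic rather than the plaintext sizes used in this sample.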