On 5/23/2015 11:18 PM, Bernd Eckenfels wrote:
> On Sat, 23 May 2015 22:16:16 +0800,
> Xuelei Fan <xuelei....@oracle.com> wrote:
>
>> I did not get your ideas in the previous mail.
>> "jdk.tls.disabledAlgorithms" is expected to work to disable weak DH
>> keys (for example, "DHE keySize < 768"). Can you describe your
>> concern more?
>
> This is exactly what I want to do. In order for a client to protect
> against a Logjam attack it has to reject DHE groups with a prime
> smaller than a safe size. This is at least 768 bit but more
> security-sensitive installations might want to restrict >1024 or even
> >2048 bit as well.
>
> Unfortunately Java Clients accept 512bit (even when they do not offer
> export grade ciphers). So a minimum fix would be to only accept 512bit
> if it was offering export crypto. However making the minimum
> configurable would be even better.
>
> The current mechanism to restrict ciphers by key length does however
> not work, it seems. I suspect it only works for explicitly generated
> DH parameters but not received DHE groups.
>

I see your point.

Thanks,
Xuelei

> I searched the ClientHandshaker for usages of algorithmConstraints, and
> it does not use it for the DHE part. It only questions KEY_AGREEMENT for
> cipher suite selection. (But I am not so familiar with the code, maybe
> you can point me to a place where the DHE size would be validated).
>
> Thinking about it, it might be possible to register one's own
> DiffieHellman provider to enforce a limit, hm.
>
> Regards
> Bernd
>
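
The client-side check discussed in this thread, as an added example that is not part of the original mail and is not JDK code: it parses the three length-prefixed values (dh_p, dh_g, dh_Ys) a server sends in a DHE ServerKeyExchange and rejects a prime below a configurable minimum. The class name `DhGroupCheck` and the property `example.tls.minDhPrimeBits` are hypothetical, and the sample parameters are constructed (the "primes" only have the right bit length).

```java
import java.math.BigInteger;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.net.ssl.SSLHandshakeException;

public class DhGroupCheck {
    // Hypothetical property used only by this example; default minimum is 1024 bits.
    static final int MIN_BITS = Integer.getInteger("example.tls.minDhPrimeBits", 1024);

    // Reads one 16-bit length-prefixed vector as an unsigned big-endian integer.
    static BigInteger readVector(ByteBuffer in) throws SSLHandshakeException {
        try {
            int len = in.getShort() & 0xFFFF;
            if (len == 0) throw new SSLHandshakeException("empty DH parameter");
            byte[] raw = new byte[len];
            in.get(raw);
            return new BigInteger(1, raw);
        } catch (BufferUnderflowException e) {
            throw new SSLHandshakeException("truncated ServerDHParams");
        }
    }

    // Returns the size of the received prime in bits, or throws if it is too small.
    static int checkServerDhParams(byte[] params, int minBits) throws SSLHandshakeException {
        ByteBuffer in = ByteBuffer.wrap(params);
        BigInteger p = readVector(in);
        readVector(in); // dh_g, parsed so that truncation is detected
        readVector(in); // dh_Ys
        int bits = p.bitLength();
        if (bits < minBits)
            throw new SSLHandshakeException("DH prime of " + bits + " bits is below the minimum of " + minBits);
        return bits;
    }

    // Builds a constructed ServerDHParams byte string for the demonstration.
    static byte[] encode(BigInteger... values) {
        ByteBuffer out = ByteBuffer.allocate(4096);
        for (BigInteger v : values) {
            byte[] raw = v.toByteArray();
            out.putShort((short) raw.length).put(raw);
        }
        return Arrays.copyOf(out.array(), out.position());
    }

    public static void main(String[] args) {
        for (int bits : new int[] {512, 768, 2048}) {
            BigInteger p = BigInteger.ONE.shiftLeft(bits - 1).setBit(0); // constructed, not a real prime
            byte[] msg = encode(p, BigInteger.valueOf(2), BigInteger.valueOf(4));
            try {
                System.out.println(bits + ": accepted, " + checkServerDhParams(msg, MIN_BITS) + " bits");
            } catch (SSLHandshakeException e) {
                System.out.println(bits + ": rejected, " + e.getMessage());
            }
        }
    }
}
```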