[Bug 2528] New: JSSE server still defaults to 768-bit DHE

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Tue Jul 14 12:53:38 UTC 2015 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2528

            Bug ID: 2528
           Summary: JSSE server still defaults to 768-bit DHE
           Product: IcedTea
           Version: 7-hg
          Hardware: all
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: IcedTea
          Assignee: gnu.andrew at redhat.com
          Reporter: thoger at redhat.com
                CC: unassigned at icedtea.classpath.org

This is a follow-up on bug 2250, which led to introduction of support of the
jdk.tls.ephemeralDHKeySize system property.  Prior to the change, JSSE server
could only use 768-bit DHE keys (with non-export cipher suites).  The change
makes it possible to request larger keys, up to 2048-bit.

The patch applied did not change the default key size though.  The recent
research indicates that 768-bit is not strong enough any more and can be broken
with resources available to academic teams.

https://weakdh.org/
https://weakdh.org/imperfect-forward-secrecy.pdf

The default key size should be increased to at least 1024-bit (the JDK8
default).  The above research also indicates that 1024-bit may be within reach
of state-level attackers, but going above 1024 by default is problematic, as
older JDK versions (including current Oracle JDK 6 and 7) do not accept keys
above 1024-bit on the client side.  1024 should still be considered as the new
default.

A minor quirk of the patch backported to OpenJDK for bug 2250 - it limits
customizedDHKeySize to be between 1024 and 2048.  That's probably fine in JDK8
that never defaulted to size below 1024, but may be somewhat odd in 7 (or 6),
as it does not allow the use of -Djdk.tls.ephemeralDHKeySize=768 to force the
current default if the default is changed to 1024.  "legacy" is not explicitly
supported either.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150714/0f1b64f9/attachment.html>

More information about the distro-pkg-dev mailing list