Recommendations for disabledAlgorithms?
Will Sargent
will.sargent at gmail.com
Wed Apr 9 04:58:30 UTC 2014
Hi all,
I'm writing an HTTPS client for Play, and I would like to give some
recommendations in the documentation for the current recommended key sizes
in the server handshake and in the X.509 certificate.
I'm using the key lengths as defined in http://www.keylength.com, but I am
concerned that I may have confused the algorithm names and key sizes, as
Diffie Hellman in particular seems to have a number of different relevant
key sizes floating around for p and q.
The current text of the document is as follows:
-----------
The `jdk.tls.disabledAlgorithms` can be used to prevent weak ciphers, and
can also be used to prevent small key sizes from being used in a handshake.
This is a [useful feature](
http://sim.ivi.co/2013/11/harness-ssl-and-jsse-key-size-control.html) that
is only available in JDK 1.7 and later.
The official documentation for disabled algorithms is [here](
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#DisabledAlgorithms
).
The parameter names to use for the disabled algorithms are not obvious, but
are listed in the [Providers documentation](
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
).
For X.509 certificates, the public key algorithms used in signatures can be
RSA, DSA or EC (listed as "ECDSA"):
```
jdk.certpath.disabledAlgorithms="RSA keySize < 2048, DSA keySize < 2048, EC
keySize < 224"
```
The digest algorithms used in signatures can be "NONE, MD2, MD4, MD5, SHA1,
SHA256, SHA512, SHA384":
```
jdk.certpath.disabledAlgorithms="MD2, MD4, MD5"
```
For TLS handshakes, the code will match the first part of the cipher suite
after the protocol, i.e. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 has ECDHE
as the relevant cipher, giving "DHE, ECDH, ECDHE, RSA":
```
jdk.tls.disabledAlgorithms="DHE keySize < 2048, ECDH keySize < 2048, ECDHE
keySize < 2048, RSA keySize < 2048"
```
Note that if you set `DHE keySize < 2048`, you will also want to set
`jdk.tls.ephemeralDHKeySize=2048` (and be running JDK 1.8).
JDK 1.7 has a [bug](
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8014618) that may cause
Diffie Hellman algorithms to fail 0.05% of the time, so you may want to
disable it or upgrade to JDK 1.8.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20140408/20e3fbc7/attachment.htm>
More information about the security-dev
mailing list