[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and DH parameter size / LogJam vulnerability

To: Jens Vagelpohl <jens@dataflake.org>, openldap-technical@openldap.org
Subject: Re: OpenLDAP and DH parameter size / LogJam vulnerability
From: Howard Chu <hyc@symas.com>
Date: Tue, 14 Jul 2015 18:39:28 +0100
In-reply-to: <F69610DD-64F7-4F75-9A88-2AAE703AF810@dataflake.org>
References: <F69610DD-64F7-4F75-9A88-2AAE703AF810@dataflake.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 SeaMonkey/2.37a1

Jens Vagelpohl wrote:

Hi all,

In my setup (CentOS7, OpenLDAP 2.4.41 from the LDAP Tool Box project) I am using the following slapd.conf parameters for SSL-related configuration:

TLSProtocolMin          3.1
TLSCertificateFile      /etc/pki/tls/certs/NNN.crt
TLSCertificateKeyFile   /etc/pki/tls/private/NNN.key
TLSCACertificateFile    /etc/pki/tls/certs/NNN.ca.pem
TLSDHParamFile          /usr/local/openldap/etc/openldap/dh_2048.pem
TLSCipherSuite          AESGCM:!RSA:!DSS:!ADH:!aECDH

The file /usr/local/openldap/etc/openldap/dh_2048.pem is a valid DH parameter file with size 2048:

<snip>
# openssl dh -in /usr/local/openldap/etc/openldap/dh_2048.pem  -text -noout
     PKCS#3 DH Parameters: (2048 bit)
         prime:
</snip>

I am now testing the actual DH parameter size used during a TLS connection with instructions from https://bettercrypto.org/blog/2015/05/20/tls-logjam/ and it only shows DH parameter size 1024:

<snip>
$ echo | openssl s_client -connect alias01.alias.ooo:636 -cipher "EDH" 2>/dev/null
… much output …
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 1024 bits
</snip>

I was expecting "Server Temp Key: DH, 2048 bits”. Am I just testing this the wrong way or is there an issue with DH parameter configurations in OpenLDAP?


Works for me:
###

subject=/C=US/ST=California/L=Los Angeles/O=Symas Corporation/OU=IntergalacticHQ/CN=localhostissuer=/C=US/ST=California/O=Symas Corporation/OU=Intergalactic HQ/CN=SymasKeymaster/emailAddress=admin@symas.com

---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 3177 bytes and written 463 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
###
What is your cert's public key size?

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>

References:
- OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>

Prev by Date: Re: LDAP over TLS
Next by Date: Re: LDAP over TLS
Index(es):
- Chronological
- Thread