[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and DH parameter size / LogJam vulnerability

To: Jens Vagelpohl <jens@dataflake.org>
Subject: Re: OpenLDAP and DH parameter size / LogJam vulnerability
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Wed, 15 Jul 2015 08:50:45 +0000
Cc: ldap <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <D4705EC4-4D70-4858-AB92-A1CBF67D783D@dataflake.org>
References: <F69610DD-64F7-4F75-9A88-2AAE703AF810@dataflake.org> <20150715084245.709a54a9@pink.avci.de> <D4705EC4-4D70-4858-AB92-A1CBF67D783D@dataflake.org>
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Jul 15, 2015 at 08:59:25AM +0200, Jens Vagelpohl wrote:
> Yes, I have read your article and confirmed again that everything
> is indeed set up along the lines of your example configuration.
> The server temporary key remains at 1024 bytes.

You meant 1024 *bits*

Same here: OpenLDAP was given a 4096 bit DH parameter file, but 
openssl s_client shows 1024 bits.

This is OpenLDAP 2.4.40. Kernel trace shows the DH parameter file is open,
but  there is no complain about anything in the logs.

-- 
Emmanuel Dreyfus
manu@netbsd.org

Follow-Ups:
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>

References:
- OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Dieter Klünter <dieter@dkluenter.de>
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>

Prev by Date: Re: Optimization for OpenLdap 2.4.40
Next by Date: Re: OpenLDAP and DH parameter size / LogJam vulnerability
Index(es):
- Chronological
- Thread