Bug #11968
Closed
OpenSSL extension only supports weak (512-bit, 1024-bit) Diffie-Hellman groups
Description
The following D-H groups are enabled per default:
These use 512-bit and 1024-bit primes respectively. These are considered weak in 2015 by all present methods of evaluating D-H group size as a security parameter:
http://www.keylength.com/
Weak D-H groups like this were recently implicated in the Logjam attack:
https://weakdh.org/
512-bit D-H keys in particular can be trivially attacked by commodity hardware. I have put in a PR to the openssl gem to remove the 512-bit group:
https://github.com/ruby/openssl/pull/44
However, the 1024-bit group is weak as well. The recommendation of the Logjam paper authors is to upgrade to a 2048-bit group at the minimum.
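An added example, not part of the original report or of the openssl gem: a size check for PEM-encoded DH parameters that rejects any group below the 2048-bit minimum cited above. The helper names and the sample parameters are assumptions constructed for illustration; the check covers modulus size only, not primality or group structure.

```ruby
require "openssl"

MIN_DH_BITS = 2048 # minimum recommended by the Logjam authors, per the report

# Return the bit length of the prime in PEM-encoded PKCS#3 DH parameters,
# i.e. the first INTEGER of the DHParameter SEQUENCE { p, g, ... }.
def dh_prime_bits(pem)
  body = pem[/-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----/m, 1]
  raise ArgumentError, "no DH PARAMETERS block found" unless body
  seq = OpenSSL::ASN1.decode(body.unpack1("m")) # lenient base64 decode
  prime, gen = seq.value if seq.is_a?(OpenSSL::ASN1::Sequence)
  unless prime.is_a?(OpenSSL::ASN1::Integer) && gen.is_a?(OpenSSL::ASN1::Integer)
    raise ArgumentError, "not a DHParameter SEQUENCE { p, g }"
  end
  prime.value.num_bits # decoded INTEGER values are OpenSSL::BN
end

# Policy decision: a group is acceptable only at or above MIN_DH_BITS.
def audit_dh_params(pem)
  bits = dh_prime_bits(pem)
  { bits: bits, ok: bits >= MIN_DH_BITS }
end

# Constructed sample input: p is an odd number of the requested size, NOT a
# real prime, so these parameters only exercise the size check.
def sample_dh_pem(bits)
  prime = OpenSSL::BN.new(((1 << (bits - 1)) | 1).to_s)
  der = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(prime),
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new("2")),
  ]).to_der
  "-----BEGIN DH PARAMETERS-----\n#{[der].pack('m')}-----END DH PARAMETERS-----\n"
end

if __FILE__ == $PROGRAM_NAME
  [512, 1024, 2048].each do |n|
    r = audit_dh_params(sample_dh_pem(n))
    puts "#{r[:bits]}-bit group: #{r[:ok] ? 'ok' : 'REJECT (below 2048 bits)'}"
  end
end
```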
Updated by bascule (Tony Arcieri) over 9 years ago
I have opened a PR on GitHub here:
https://github.com/ruby/ruby/pull/1196
Updated by hsbt (Hiroshi SHIBATA) over 9 years ago
- Status changed from Open to Closed
Applied in changeset r53531.
- Remove 512-bit DH group. It's affected by LogJam Attack.
https://weakdh.org/
[fix GH-1196][Bug #11968][ruby-core:72766]