The new Logjam attack on TLS is based on common DH groups. This link recommends generating a new, custom 2048-bit DH group for each server.
How can I set a custom DH group in Java server code which uses SSLEngine?
ETA: would I be safe if I used only ephemeral DH cipher suites, i.e. ones with DHE or ECDHE and not DH or ECDH in their name? Or is this unrelated?
Java (JCE/JSSE) uses DH parameters from some well-known DSA groups. The JCE parameter generator only allows producing groups with sizes between 512 and 1024 bit (or 2048), but the JSSE implementation on the other side only accepts custom sizes between 1024 and 2048.
This has the effect that you cannot use any of the custom sizes, only 1024 or 2048 (with Java 8). Keep in mind that Java 7 still only uses 768 bit as a server (or 512 in exportable crypto mode).
Starting with version 8, Java servers use 1024 bit by default. You can increase the server side to 2048 bit with jdk.tls.ephemeralDHKeySize=2048. See Customizing Size of Ephemeral DH Keys.
Java as TLS client is less strict in older versions and accepts unsafe groups.
Update: with OpenJDK 8U65 (JSSE) there is a security property jdk.tls.server.defaultDHEParameters which can define finite-field parameters.
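The two settings named in the answer, applied in server code that creates an SSLEngine. This is an added example, not code from the original answer. The class name is hypothetical, SSLContext.getDefault() stands in for a context initialised with the server's own key material, and the "{hex p, hex g}" value format is taken from the comments in the JDK's java.security file, so check it against the JDK you run.

```java
import java.security.AlgorithmParameterGenerator;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.spec.DHParameterSpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class CustomDhGroupServer { // hypothetical class name

    // Generate a fresh 2048-bit finite-field DH group with the JCE generator.
    // 2048 is one of the sizes the answer says both JCE and JSSE accept.
    static DHParameterSpec generateGroup() throws Exception {
        AlgorithmParameterGenerator gen = AlgorithmParameterGenerator.getInstance("DH");
        gen.init(2048);
        return gen.generateParameters().getParameterSpec(DHParameterSpec.class);
    }

    // Serialise the group as "{hex p, hex g}" (format assumed from java.security).
    static String toPropertyValue(DHParameterSpec spec) {
        return "{" + spec.getP().toString(16) + "," + spec.getG().toString(16) + "}";
    }

    public static void main(String[] args) throws Exception {
        DHParameterSpec group = generateGroup(); // may take several seconds

        // Both properties must be set before JSSE is first initialised,
        // i.e. before any SSLContext or SSLEngine is created in this JVM.
        Security.setProperty("jdk.tls.server.defaultDHEParameters", toPropertyValue(group));
        System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");

        // Assumption: a real server builds its SSLContext from its own KeyManagers.
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);

        // List the enabled finite-field DHE suites, which are the ones
        // whose key exchange uses the group configured above.
        String[] dheSuites = Arrays.stream(engine.getEnabledCipherSuites())
                .filter(s -> s.contains("_DHE_"))
                .toArray(String[]::new);

        System.out.println("DH modulus bits: " + group.getP().bitLength());
        System.out.println("Enabled DHE suites: " + Arrays.toString(dheSuites));
    }
}
```

In production the group would be generated once and stored in the java.security file or a startup script rather than regenerated on every launch.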