Bug 1062925

Summary: [RFE] Enable large Discrete Logarithm Diffie-Hellman groups
Product: Fedora
Reporter: Peter Backes <rtc>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: calestyo, dimitris.on.linux, hkario, redhat-bugzilla, robert.scheck, tmraz
Target Milestone: ---
Target Release: ---
Keywords: FutureFeature
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Type: Bug
Last Closed: 2017-01-10 11:03:46 UTC

Description Peter Backes 2014-02-08 19:27:48 UTC
Description of problem:
Use a group size of at least 15360 bits for Discrete Logarithm Diffie-Hellman if you use a 256-bit block cipher. See the various standards (especially NIST) cited at http://www.keylength.com/

This is not possible with openssl, because (see bug 1010607) "their crypto/dh/dh.h file has:

#ifndef OPENSSL_DH_MAX_MODULUS_BITS
# define OPENSSL_DH_MAX_MODULUS_BITS    10000
#endif"

It should be 65536. Possibly, other changes need to be made to enable the use of such large groups.

Version-Release number of selected component (if applicable):
openssl-1.0.1e-39.fc21.i686

Comment 1 Tomas Mraz 2014-02-09 17:15:45 UTC
Please report this issue upstream. Note that computations with such large DH moduli are extremely slow and CPU cycle consuming so this means they are not too useful anyway.

Comment 2 Peter Backes 2014-02-09 23:05:04 UTC
(In reply to Tomas Mraz from comment #1)
> Please report this issue upstream. Note that computations with such large DH
> moduli are extremely slow and CPU cycle consuming so this means they are not
> too useful anyway.

This is incorrect, as noted already in bug 1010607. You may have these issues with ephemeral RSA keys, but they don't apply to discrete logarithm Diffie-Hellman. The only minor issue it has is the (moderate) amount of data transferred during key exchange... which is why elliptic curves are now preferred. But large Discrete Logarithm Diffie-Hellman group sizes should work anyway.
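The report quotes the compile-time cap OPENSSL_DH_MAX_MODULUS_BITS and the two comments above disagree about the cost of working in very large groups. The following script is an added illustration (not code from the report, from Fedora or from OpenSSL): it mirrors the size comparison implied by that constant, runs a finite-field DH exchange at the requested 15360-bit size, and measures one modular exponentiation at each size so the cost question can be checked on real hardware. The moduli it builds are constructed odd integers of the right bit length, not primes and not real DH groups; the function names are the script's own.

```python
import random
import time

# Compile-time cap quoted from crypto/dh/dh.h in the report above.
OPENSSL_DH_MAX_MODULUS_BITS = 10000

# Sizes discussed in the report: a common 2048-bit deployment, the cap itself,
# and the 15360-bit group the reporter asks for.
SIZES = (2048, 10000, 15360)


def accepted_by_openssl(p: int) -> bool:
    """Mirror the modulus-size comparison implied by OPENSSL_DH_MAX_MODULUS_BITS."""
    return p.bit_length() <= OPENSSL_DH_MAX_MODULUS_BITS


def constructed_modulus(bits: int, seed: int = 0) -> int:
    """Deterministic odd integer of exactly `bits` bits.

    Constructed for size only: it is NOT prime and NOT a DH group, but the
    cost of pow(g, x, p) depends only on the size of p, which is what we time.
    """
    rng = random.Random(seed)
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def dh_shared_secrets(p: int, g: int, a: int, b: int) -> tuple:
    """One finite-field DH exchange; both returned values must agree."""
    pub_a = pow(g, a, p)          # A sends g^a mod p
    pub_b = pow(g, b, p)          # B sends g^b mod p
    return pow(pub_b, a, p), pow(pub_a, b, p)


def modexp_seconds(p: int, exponent_bits: int = 256) -> float:
    """Wall-clock cost of one g^x mod p with a short (256-bit) private exponent."""
    x = random.Random(1).getrandbits(exponent_bits) | (1 << (exponent_bits - 1))
    start = time.perf_counter()
    pow(2, x, p)
    return time.perf_counter() - start


if __name__ == "__main__":
    base = modexp_seconds(constructed_modulus(2048))
    for bits in SIZES:
        p = constructed_modulus(bits)
        status = "accepted" if accepted_by_openssl(p) else "rejected (> cap)"
        t = modexp_seconds(p)
        print(f"{bits:6d}-bit modulus: {status:17s} modexp {t * 1e3:8.2f} ms "
              f"({t / base:5.1f}x the 2048-bit cost)")
```

Python's pow() is not a constant-time or Montgomery implementation, so the absolute times differ from OpenSSL's, but the growth with modulus size is what the two comments are arguing about.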

Comment 3 Christoph Anton Mitterer 2014-10-18 05:15:59 UTC
Anything new here? Has this been forwarded upstream?

Comment 4 Tomas Mraz 2017-01-10 11:03:46 UTC
This is a request for a new upstream feature and it would be best handled within OpenSSL upstream. Please report it to the OpenSSL project at:
https://github.com/openssl/openssl/issues

Comment 5 Robert Scheck 2017-02-05 23:37:25 UTC
Not sure what (or if anything) has happened here regarding taking this report to upstream; filed https://github.com/openssl/openssl/issues/2558 now.