Bug 1844575

Summary: OpenSSL will use unsafe FFDH primes with 2048 bit RSA keys
Product: [Fedora] Fedora
Reporter: Hubert Kario <hkario>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 31
CC: crypto-team, jorton, tmraz
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2020-09-18 15:51:37 UTC
Type: Bug
Bug Blocks: 1844607    

Description Hubert Kario 2020-06-05 17:11:47 UTC
Description of problem:
When openssl s_server is configured with 2048 bit RSA keys and a DHE cipher is negotiated, it will use the RFC5114 group 23.

Version-Release number of selected component (if applicable):
openssl-1.1.1g-1.fc31.x86_64

How reproducible:
always

Steps to Reproduce:
1. generate 2048 bit keys
2. connect client to server, force negotiation of DHE ciphers

Actual results:
Server proposes RFC 5114 group 23 in ServerKeyExchangeMessage

Expected results:
Server should select one of the parameters that use safe primes, from either RFC 3526 or RFC 7919


Additional info:

Comment 1 Tomas Mraz 2020-09-18 15:51:37 UTC
Fixed in rawhide and F33.
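
Added example, not part of the bug report or of OpenSSL: a Python check that a DH modulus seen in a ServerKeyExchange is a safe prime, which is what the report's expected results ask for. The ffdhe2048 modulus is rebuilt from the formula in RFC 7919; the non-safe prime is a constructed stand-in with a 224-bit prime factor of p - 1 (not the RFC 5114 value), and all function names are hypothetical.

```python
import secrets

SMALL_PRIMES = [n for n in range(3, 1000, 2) if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; a composite passes with probability <= 4**-rounds."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for sp in SMALL_PRIMES:                      # cheap trial division first
        if n % sp == 0:
            return n == sp
    s = ((n - 1) & -(n - 1)).bit_length() - 1    # n - 1 = d * 2**s with d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        if not any((x := pow(x, 2, n)) == n - 1 for _ in range(s - 1)):
            return False
    return True

def floor_e_times_2pow(bits, guard=64):
    """floor(e * 2**bits) from e = sum(1/k!), in fixed-point integer arithmetic."""
    total, term, k = 0, 1 << (bits + guard), 0
    while term:
        total, k = total + term, k + 1
        term //= k
    return total >> guard

# RFC 7919 ffdhe2048: p = 2^2048 - 2^1984 + {[2^1918 * e] + 560316} * 2^64 - 1
FFDHE2048_P = (1 << 2048) - (1 << 1984) + ((floor_e_times_2pow(1918) + 560316) << 64) - 1

def constructed_subgroup_prime(p_bits=2048, q_bits=224):
    """Constructed sample: prime p = 2*q*k + 1 where a q_bits-bit prime q divides p - 1."""
    q = (1 << (q_bits - 1)) + 1
    while not is_probable_prime(q):
        q += 2
    k = 1 << (p_bits - q_bits - 1)
    while not is_probable_prime(2 * q * k + 1):
        k += 1
    return 2 * q * k + 1

def is_safe_prime(p):
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def classify_dh_prime(p):
    if p == FFDHE2048_P:
        return "RFC 7919 ffdhe2048"
    return "safe prime, unrecognised group" if is_safe_prime(p) else "not a safe prime"
```

Pass `classify_dh_prime` the modulus the server actually sent, as an integer, to confirm that a fixed build no longer offers a non-safe prime.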