Bug 1844575 - OpenSSL will use unsafe FFDH primes with 2048 bit RSA keys
Summary: OpenSSL will use unsafe FFDH primes with 2048 bit RSA keys
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 31
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1844607
TreeView+ depends on / blocked
 
Reported: 2020-06-05 17:11 UTC by Hubert Kario
Modified: 2020-09-18 15:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1844607 (view as bug list)
Environment:
Last Closed: 2020-09-18 15:51:37 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openssl openssl issues 12060 0 None closed Insecure DH parameters selected by default 2020-09-18 15:49:36 UTC

Description Hubert Kario 2020-06-05 17:11:47 UTC 
Description of problem:
When openssl s_server is configured with 2048 bit RSA keys and a DHE cipher is negotiated, it will use the RFC5114 group 23.

Version-Release number of selected component (if applicable):
openssl-1.1.1g-1.fc31.x86_64

How reproducible:
always

Steps to Reproduce:
1. generate 2048 bit keys
2. connect client to server, force negotiation of DHE ciphers

Actual results:
Server proposes RFC 5114 group 23 in ServerKeyExchangeMessage

Expected results:
Server should select one of the parameters that use safe primes, from either RFC 3526 or RFC 7919


Additional info:
Comment 1 Tomas Mraz 2020-09-18 15:51:37 UTC 
Fixed in rawhide and F33.
Note You need to log in before you can comment on or make changes to this bug.