Weak DH parameters with cipher suites that use DHE key exchange

0

I'm working through the book "Bulletproof SSL and TLS" by Ivan Ristic (the guy behind the famous SSL Labs site) and found this bit on Page 40 that seems relevant to the LoadMaster (I'm on version 7.1-24b):

"Historically speaking, DH parameters have been largely ignored and their security neglected. Many libraries and servers use weak DH parameters by default and often don't provide a means to change their strength in configuration. For this reason, it's not uncommon to see servers using weak 1,024-bit parameters..."

When I assign to a virtual service any cipher suite that uses DHE key exchange, the LoadMaster uses 1024-bit DH parameters for the key exchange. This generates a "weak" warning on the SSL Labs tests. Is there a way to make the LoadMaster use 2048-bit DH parameters?

3 comments

Avatar
0
sysadmins

Hi there, this question points direct to Logjam: https://weakdh.org/

I would like to use 2048-bit DH parameters also. Is there a way to do this?

Avatar
0
maik

KEMP, could you please answer this?

Avatar
0
James Rago Global Support Manager

ECDHE (Elliptic Curve Ephemeral Diffie-Hellman) is specifically cited by the paper summarized at weakdh.org as the #1 recommendation to avoid all documented issues with "classic" DHE. ECDHE it is also a better performing key exchange algorithm. KEMP recommends that wherever possible customers configure their LoadMasters to use ECDHE cipher suites in preference to DHE cipher suites as client support should be equivalent.

For the rare corner cases (e.g., Java 6 without ECC provider, custom clients) where PFS (Perfect Forward Security) is desired and ECDHE is not supported, version 7.1-30 of our LoadMaster firmware will offer configurable DHE bit-length selection, up to 2048-bit. We expect to have this available in a future release.