[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7506) Diffie-Hellman parameters (DHParamFile) are improperly handled

ben@bjencks.net wrote:
> I suppose I should attach a test case:

Thanks, patches applied to master (with some tweaks).
> openssl dhparam 1536 > dh1536.pem
> openssl req -new -newkey rsa:2048 -keyout server.key \
>    -out server.crt -sha256 -nodes -subj '/CN=localhost/' -x509
> For GnuTLS, load the following config:
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcTLSCertificateFile: $WORKDIR/server.crt
> olcTLSCertificateKeyFile: $WORKDIR/server.key
> olcTLSCipherSuite: NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:
> olcTLSDHParamFile: $WORKDIR/dh1536.pem
> dn: olcDatabase={0}config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: {0}config
> For Openssl, change olcTLSCipherSuite to:
> olcTLSCipherSuite: aRSA+AES128+kEDH
> Start up slapd with the config, listening on ldaps://localhost:6636.
> openssl s_client -connect localhost:6636
> With GnuTLS this will fail negotiation; with OpenSSL it will use 1024
> bit parameters rather than the 1536 bits params we specified.
> The only way I've found to find the actual parameter size is to tcpdump
> the negotiation. First, verify that the negotiated cipher suite is
> DHE-RSA-AES128-SHA according to s_client, then:
> tcpdump -i lo -wldap.pcap port 6636
> wireshark ldap.pcap
> Apply the SSL decode to the traffic (right click on packet, Decode As,
> Transport tab, SSL), find the Server Key Exchange packet, select the
> Server Key Exchange portion of the handshake message, and look at the
> hex dump.
> It should start with 0c, followed by a three byte size, then the next
> two bytes are the length of the DH parameters: 0080 for 1024 bits, 00c0
> for 1536 bits.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/