
Re: (ITS#7506) Diffie-Hellman parameters (DHParamFile) are improperly handled



Howard Chu wrote:
> ben@bjencks.net wrote:
>> I suppose I should attach a test case:
>
> Thanks, patches applied to master (with some tweaks).
>>
>> cd $WORKDIR
>> openssl dhparam 1536 > dh1536.pem
>> openssl req -new -newkey rsa:2048 -keyout server.key \
>>     -out server.crt -sha256 -nodes -subj '/CN=localhost/' -x509
>>
>> For GnuTLS, load the following config:
>> dn: cn=config
>> objectClass: olcGlobal
>> cn: config
>> olcTLSCertificateFile: $WORKDIR/server.crt
>> olcTLSCertificateKeyFile: $WORKDIR/server.key
>> olcTLSCipherSuite: NONE:+VERS-TLS1.1:+VERS-TLS1.0:+AES-128-CBC:
>>    +DHE-RSA:+SHA1:+COMP-NULL
>> olcTLSDHParamFile: $WORKDIR/dh1536.pem
>>
>> dn: olcDatabase={0}config,cn=config
>> objectClass: olcDatabaseConfig
>> olcDatabase: {0}config
>>
>> For OpenSSL, change olcTLSCipherSuite to:
>> olcTLSCipherSuite: aRSA+AES128+kEDH
>>
>> Start up slapd with the config, listening on ldaps://localhost:6636.
>>
>> openssl s_client -connect localhost:6636
>>
>> With GnuTLS this will fail negotiation; with OpenSSL it will use
>> 1024-bit parameters rather than the 1536-bit params we specified.
>>
>> The only way I've found to find the actual parameter size is to tcpdump
>> the negotiation. First, verify that the negotiated cipher suite is
>> DHE-RSA-AES128-SHA according to s_client, then:
>>
>> tcpdump -i lo -wldap.pcap port 6636
>> wireshark ldap.pcap
>> Apply the SSL decode to the traffic (right click on packet, Decode As,
>> Transport tab, SSL), find the Server Key Exchange packet, select the
>> Server Key Exchange portion of the handshake message, and look at the
>> hex dump.
>>
>> It should start with 0c, followed by a three byte size, then the next
>> two bytes are the length of the DH parameters: 0080 for 1024 bits, 00c0
>> for 1536 bits.

For future reference, you can check this just using
openssl s_client -connect localhost:6636 -debug -state

SSL_connect:SSLv3 read server certificate A
read from 0x16b0c20 [0x16b6cf3] (5 bytes => 5 (0x5))
0000 - 16 03 02 03 0d                                    .....
read from 0x16b0c20 [0x16b6cf8] (781 bytes => 781 (0x30D))
0000 - 0c 00 03 09 01 00 a8 e0-4a 3d d1 d2 73 a8 bd 2e   ........J=..s...

In this case 0c 00 03 09 marks the Server Key Exchange and length, and 01 00 
indicates 2048 bits (which matches the dhparams I used).

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
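
The check described in both messages above (handshake type 0c, a three-byte length, then the two-byte length of the DH prime), as an added example that is not part of the original thread: a Python parser for `openssl s_client -debug` output. The function names are hypothetical, and it assumes a DHE cipher suite with the Server Key Exchange sent in its own TLS record, as in the output quoted above.

```python
import re

# One hex-dump line of `openssl s_client -debug`: offset, " - ", then hex bytes.
DUMP_LINE = re.compile(r"^\s*[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])+)", re.I)

# The output quoted in the message above (only the first dump line of the
# 781-byte record is shown there, which is all this check needs).
SAMPLE = """\
SSL_connect:SSLv3 read server certificate A
read from 0x16b0c20 [0x16b6cf3] (5 bytes => 5 (0x5))
0000 - 16 03 02 03 0d                                    .....
read from 0x16b0c20 [0x16b6cf8] (781 bytes => 781 (0x30D))
0000 - 0c 00 03 09 01 00 a8 e0-4a 3d d1 d2 73 a8 bd 2e   ........J=..s...
"""

def read_blocks(debug_text):
    """Yield the bytes dumped under each 'read from' line, in order."""
    block = None
    for line in debug_text.splitlines():
        if line.startswith(("read from", "write to")):
            if block:
                yield bytes(block)
            # Only server-to-client data is of interest here.
            block = bytearray() if line.startswith("read from") else None
        elif block is not None:
            m = DUMP_LINE.match(line)
            if m:
                block += bytes.fromhex(m.group(1).replace("-", " "))
    if block:
        yield bytes(block)

def dh_prime_bits(debug_text):
    """Return the DH prime size in bits from the Server Key Exchange, or None."""
    blocks = list(read_blocks(debug_text))
    for header, body in zip(blocks, blocks[1:]):
        # s_client reads the 5-byte record header first; 0x16 = handshake record.
        if len(header) != 5 or header[0] != 0x16:
            continue
        if len(body) >= 6 and body[0] == 0x0C:      # 0x0c = Server Key Exchange
            msg_len = int.from_bytes(body[1:4], "big")
            p_len = int.from_bytes(body[4:6], "big")  # length of dh_p in bytes
            if p_len + 2 > msg_len:
                raise ValueError("DH prime length exceeds handshake message length")
            return p_len * 8
    return None

if __name__ == "__main__":
    print(dh_prime_bits(SAMPLE), "bit DH prime")
```

The layout only holds for DHE key exchange, so confirm the negotiated suite first, as the original test case does with DHE-RSA-AES128-SHA.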