Function: nsm-protocol-check--dhe-prime-kx

nsm-protocol-check--dhe-prime-kx is a byte-compiled function defined in nsm.el.gz.

Signature

(nsm-protocol-check--dhe-prime-kx HOST PORT STATUS &optional SETTINGS)

Documentation

Check for the key strength of DH key exchange based on integer factorization.

This check is a response to Logjam[1]. Logjam is an attack that allows an attacker with sufficient resource, and positioned between the user and the server, to downgrade vulnerable TLS connections to insecure 512-bit export grade cryptography.

The Logjam paper suggests using 1024-bit prime on the client to mitigate some effects of this attack, and upgrade to 2048-bit as soon as server configurations allow. According to SSLLabs' SSL Pulse tracker, only about 75% of server support 2048-bit key exchange in June 2018[2]. To provide a balance between compatibility and security, this function only checks for a minimum key strength of 1024-bit.

See also: nsm-protocol-check--dhe-kx

Reference:

[1]: Adrian et al (2014). "Imperfect Forward Secrecy: How
Diffie-Hellman Fails in Practice", https://weakdh.org/
[2]: SSL Pulse (June 03, 2018). "Key Exchange Strength",
https://www.ssllabs.com/ssl-pulse/

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defun nsm-protocol-check--dhe-prime-kx (_host _port status &optional _settings)
  "Check for the key strength of DH key exchange based on integer factorization.

This check is a response to Logjam[1].  Logjam is an attack that
allows an attacker with sufficient resource, and positioned
between the user and the server, to downgrade vulnerable TLS
connections to insecure 512-bit export grade cryptography.

The Logjam paper suggests using 1024-bit prime on the client to
mitigate some effects of this attack, and upgrade to 2048-bit as
soon as server configurations allow.  According to SSLLabs' SSL
Pulse tracker, only about 75% of server support 2048-bit key
exchange in June 2018[2].  To provide a balance between
compatibility and security, this function only checks for a
minimum key strength of 1024-bit.

See also: `nsm-protocol-check--dhe-kx'

Reference:

[1]: Adrian et al (2014).  \"Imperfect Forward Secrecy: How
Diffie-Hellman Fails in Practice\", `https://weakdh.org/'
[2]: SSL Pulse (June 03, 2018).  \"Key Exchange Strength\",
`https://www.ssllabs.com/ssl-pulse/'"
  (let ((prime-bits (plist-get status :diffie-hellman-prime-bits)))
    (if (and (string-match "^\\bDHE\\b" (plist-get status :key-exchange))
             (< prime-bits 1024))
        (format-message
         "Diffie-Hellman key strength (%s bits) too weak (%s bits)"
         prime-bits 1024))))