Function: nsm-protocol-check--dhe-prime-kx

nsm-protocol-check--dhe-prime-kx is a byte-compiled function defined in nsm.el.gz.

Signature

(nsm-protocol-check--dhe-prime-kx HOST PORT STATUS &optional SETTINGS)

Documentation

Check for the key strength of DH key exchange based on integer factorization.

This check is a response to Logjam[1]. Logjam is an attack that allows an attacker with sufficient resource, and positioned between the user and the server, to downgrade vulnerable TLS connections to insecure 512-bit export grade cryptography.

The Logjam paper suggests using 1024-bit prime on the client to mitigate some effects of this attack, and upgrading to 2048-bit as soon as server configurations allow. According to SSLLabs' SSL Pulse tracker the overwhelming majority of servers support
2048-bit key exchange in October 2023[2]. This function
therefore checks for a minimum key strength of 2048 bits.

See also: nsm-protocol-check--dhe-kx

Reference:

[1]: Adrian et al (2014). "Imperfect Forward Secrecy: How
Diffie-Hellman Fails in Practice", https://weakdh.org/
[2]: SSL Pulse (June 03, 2018). "Key Exchange Strength",
https://www.ssllabs.com/ssl-pulse/

Source Code

;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defun nsm-protocol-check--dhe-prime-kx (_host _port status &optional _settings)
  "Check for the key strength of DH key exchange based on integer factorization.

This check is a response to Logjam[1].  Logjam is an attack that
allows an attacker with sufficient resource, and positioned
between the user and the server, to downgrade vulnerable TLS
connections to insecure 512-bit export grade cryptography.

The Logjam paper suggests using 1024-bit prime on the client to
mitigate some effects of this attack, and upgrading to 2048-bit
as soon as server configurations allow.  According to SSLLabs'
SSL Pulse tracker the overwhelming majority of servers support
2048-bit key exchange in October 2023[2].  This function
therefore checks for a minimum key strength of 2048 bits.

See also: `nsm-protocol-check--dhe-kx'

Reference:

[1]: Adrian et al (2014).  \"Imperfect Forward Secrecy: How
Diffie-Hellman Fails in Practice\", `https://weakdh.org/'
[2]: SSL Pulse (June 03, 2018).  \"Key Exchange Strength\",
`https://www.ssllabs.com/ssl-pulse/'"
  (let ((prime-bits (plist-get status :diffie-hellman-prime-bits)))
    (if (and (string-match "^\\bDHE\\b" (plist-get status :key-exchange))
             (< prime-bits 2048))
        (format-message
         "Diffie-Hellman key strength (%s bits) too weak (%s bits)"
         prime-bits 2048))))