Function: nsm-protocol-check--dhe-kx
nsm-protocol-check--dhe-kx is a byte-compiled function defined in
nsm.el.gz.
Signature
(nsm-protocol-check--dhe-kx HOST PORT STATUS &optional SETTINGS)
Documentation
Check for existence of DH key exchange based on integer factorization.
In the years since the discovery of Logjam, it was found that many
servers were using small-subgroup primes or composite numbers for DHE,
which left them vulnerable to backdoors[1]. Given the difficulty of
validating Diffie-Hellman parameters, major browser vendors began
removing DHE in 2016[2]. In 2020 the so-called Raccoon Attack was
discovered, a server-side vulnerability that exploits a side channel to
recover the shared secret key[3].
Emacs stops short of banning DHE and terminating the connection, but
prompts the user instead.
References:
[1]: Dorey, Fong, and Essex (2016). "Indiscreet Logs: Persistent
Diffie-Hellman Backdoors in TLS.",
https://eprint.iacr.org/2016/999.pdf
[2]: Chrome Platform Status (2017). "Remove DHE-based ciphers",
https://www.chromestatus.com/feature/5128908798164992
[3]: Merget, Brinkmann, Aviram, Somorovsky, Mittmann, and
Schwenk (2020). "Raccoon Attack: Finding and Exploiting
Most-Significant-Bit-Oracles in TLS-DH(E)"
https://raccoon-attack.com/RacoonAttack.pdf
Source Code
;; Defined in /usr/src/emacs/lisp/net/nsm.el.gz
(defun nsm-protocol-check--dhe-kx (_host _port status &optional _settings)
  "Check for existence of DH key exchange based on integer factorization.
In the years since the discovery of Logjam, it was discovered that there
were rampant use of small subgroup prime or composite number for DHE by
many servers, and thus allowed themselves to be vulnerable to
backdoors[1]. Given the difficulty in validating Diffie-Hellman
parameters, major browser vendors had started to remove DHE since
2016[2]. In 2020, the so-called Raccoon Attack was discovered, a
server-side vulnerability that exploits a side-channel to get the shared
secret key[3].
Emacs stops short of banning DHE and terminating the connection, but
prompts the user instead.
References:
[1]: Dorey, Fong, and Essex (2016). \"Indiscreet Logs: Persistent
Diffie-Hellman Backdoors in TLS.\",
`https://eprint.iacr.org/2016/999.pdf'
[2]: Chrome Platform Status (2017). \"Remove DHE-based ciphers\",
`https://www.chromestatus.com/feature/5128908798164992'
[3]: Merget, Brinkmann, Aviram, Somorovsky, Mittmann, and
Schwenk (2020). \"Raccoon Attack: Finding and Exploiting
Most-Significant-Bit-Oracles in TLS-DH(E)\"
`https://raccoon-attack.com/RacoonAttack.pdf'"
  ;; STATUS is the peer-status plist of the TLS connection; HOST, PORT
  ;; and SETTINGS are not consulted by this check (hence the underscores).
  (let ((kx (plist-get status :key-exchange)))
    ;; Only finite-field DHE is flagged: the regexp is anchored at the
    ;; start of the string, so "DHE-RSA" matches but "ECDHE-RSA" does not.
    ;; A returned string is the problem NSM shows the user; nil means the
    ;; check passed.
    (when (string-match "^\\bDHE\\b" kx)
      (format-message
       "unable to verify Diffie-Hellman key exchange method (%s) parameters"
       kx))))
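Added example, not code from nsm.el or this help buffer: it drives the check above with constructed peer-status plists (shaped like what gnutls-peer-status returns) to show which negotiated key exchanges trigger the prompt; the my/ names and the sample values are assumptions made for the example.

```elisp
;; Added example, not part of nsm.el.  `my/' names are hypothetical.
(require 'nsm)

;; Constructed samples shaped like the plist `gnutls-peer-status'
;; returns; this check only reads :key-exchange, the other keys are
;; there for realism.
(defconst my/sample-peer-statuses
  '((:key-exchange "DHE-RSA"   :cipher "AES-256-GCM" :protocol "TLS1.2")
    (:key-exchange "DHE-DSS"   :cipher "AES-128-CBC" :protocol "TLS1.2")
    (:key-exchange "ECDHE-RSA" :cipher "AES-256-GCM" :protocol "TLS1.2")
    (:key-exchange "RSA"       :cipher "AES-128-GCM" :protocol "TLS1.2"))
  "Constructed peer statuses used to drive the example.")

(defun my/dhe-kx-findings (statuses)
  "Run `nsm-protocol-check--dhe-kx' over STATUSES.
Return an alist of (KEY-EXCHANGE . PROBLEM) for every status the check
flags; PROBLEM is the exact string NSM would put in front of the user.
Statuses the check accepts (it returns nil for them) are dropped."
  (delq nil
        (mapcar
         (lambda (status)
           ;; HOST and PORT are ignored by this check (its parameters are
           ;; `_host' and `_port'), so placeholder values are fine here.
           (let ((problem (nsm-protocol-check--dhe-kx
                           "host.invalid" 443 status)))
             (when problem
               (cons (plist-get status :key-exchange) problem))))
         statuses)))

(defun my/dhe-kx-flagged-p (key-exchange)
  "Non-nil if a connection negotiating KEY-EXCHANGE would trigger the prompt.
Exercises the regexp in the check: it is anchored at the start of the
string and requires a word boundary after DHE, so \"DHE-RSA\" is flagged
while \"ECDHE-RSA\" (elliptic-curve DHE) is not."
  (and (nsm-protocol-check--dhe-kx "host.invalid" 443
                                   (list :key-exchange key-exchange))
       t))
```

To check a live TLS process instead of the samples, pass (gnutls-peer-status PROC) as the STATUS argument.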