From: bascule@...
Date: 2016-01-12T17:31:32+00:00
Subject: [ruby-core:72831] [Ruby trunk - Bug #11968] OpenSSL extension only supports weak (512-bit, 1024-bit) Diffie-Hellman groups

Issue #11968 has been updated by Tony Arcieri.

I have opened a PR on GitHub here: https://github.com/ruby/ruby/pull/1196

----------------------------------------
Bug #11968: OpenSSL extension only supports weak (512-bit, 1024-bit) Diffie-Hellman groups
https://bugs.ruby-lang.org/issues/11968#change-56070

* Author: Tony Arcieri
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v:
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
The following D-H groups are enabled by default:

https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/pkey.rb

These use 512-bit and 1024-bit primes respectively. These are considered weak in 2015 by all present methods of evaluating D-H group size as a security parameter:

http://www.keylength.com/

Weak D-H groups like this were recently implicated in the Logjam attack:

https://weakdh.org/

512-bit D-H keys in particular can be trivially attacked by commodity hardware.

I have put in a PR to the openssl gem to remove the 512-bit group:

https://github.com/ruby/openssl/pull/44

However, the 1024-bit group is weak as well. The recommendation of the Logjam paper authors is to upgrade to a 2048-bit group at the minimum.

-- 
https://bugs.ruby-lang.org/
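The ticket's point is that the size of the DH modulus is a security parameter and that anything below 2048 bits should not be used. The following is an added example, not code from the ticket, the Ruby project, or the openssl gem: it measures a group's modulus size, applies a 2048-bit floor (an assumed policy value taken from the Logjam recommendation the report cites), refuses to load PEM parameters that fall below it, and wires checked parameters into an `OpenSSL::SSL::SSLContext`. The helper names (`dh_modulus_bits`, `weak_dh_group?`, `load_dh_params`, `configure_tls_dh`) are hypothetical; only `OpenSSL::PKey::DH`, `OpenSSL::BN#num_bits`, `SSLContext#tmp_dh=` and `SSLContext#tmp_dh_callback=` are real API.

```ruby
require 'openssl'

# Smallest Diffie-Hellman modulus we accept, in bits. 2048 is the floor the
# Logjam authors recommend (assumption: policy value chosen for this example).
MIN_DH_BITS = 2048

# Size in bits of a DH group's prime modulus p. Accepts an OpenSSL::PKey::DH,
# an OpenSSL::BN, or a plain Integer, so it works on loaded parameters or on
# a bare prime.
def dh_modulus_bits(group)
  p = group.respond_to?(:p) ? group.p : group
  p.is_a?(OpenSSL::BN) ? p.num_bits : Integer(p).bit_length
end

# True when the group is below the policy floor. The 512- and 1024-bit
# defaults the bug report describes both fail this check.
def weak_dh_group?(group, min_bits: MIN_DH_BITS)
  dh_modulus_bits(group) < min_bits
end

# Parse PEM-encoded DH parameters (e.g. the output of `openssl dhparam 2048`)
# and refuse to hand them back if the modulus is too small, so a server cannot
# come up with a Logjam-class group by accident.
def load_dh_params(pem, min_bits: MIN_DH_BITS)
  dh = OpenSSL::PKey::DH.new(pem)
  bits = dh_modulus_bits(dh)
  if bits < min_bits
    raise ArgumentError, "DH group is only #{bits} bits; policy requires >= #{min_bits}"
  end
  dh
end

# Attach already-checked parameters to an SSLContext. Newer openssl gems
# expose `tmp_dh=`; older ones only `tmp_dh_callback=`, so handle both.
def configure_tls_dh(ctx, dh, min_bits: MIN_DH_BITS)
  raise ArgumentError, 'refusing weak DH group' if weak_dh_group?(dh, min_bits: min_bits)
  if ctx.respond_to?(:tmp_dh=)
    ctx.tmp_dh = dh
  else
    ctx.tmp_dh_callback = proc { |_ssl, _is_export, _keylen| dh }
  end
  ctx
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: integers of the relevant bit lengths stand in for
  # real primes, since only the modulus size is being checked here.
  { 512 => 2**511 + 1, 1024 => 2**1023 + 1, 2048 => 2**2047 + 1 }.each do |label, p|
    puts "#{label}-bit modulus: #{weak_dh_group?(p) ? 'WEAK (reject)' : 'ok'}"
  end
end
```

The check deliberately looks only at the modulus size, which is the parameter the report and keylength.com evaluate; generating the 2048-bit parameters themselves is left to `openssl dhparam` (or `OpenSSL::PKey::DH.generate`) since safe-prime generation at that size takes noticeable time and belongs in deployment tooling rather than in a request path.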