Apache Knox / KNOX-566

Make the Default Ephemeral DH Key Size 2048 with Ability to Override

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.5.0
    • 0.7.0
    • None
    • None
    • Red Hat Enterprise Linux Server release 6.4 (Santiago)

    Description

      See description of logjam
      "The Logjam Attack"
      https://weakdh.org/

      To test you should do:
      [root@bdvs1392 logs]# openssl s_client -connect bdvs1392.svl.ibm.com:8443 -cipher "EDH" | grep "Server Temp Key"
      depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com
      verify error:num=18:self signed certificate
      verify return:1
      depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com
      verify return:1
      Server Temp Key: DH, 768 bits

      The key should be >= 1024
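
The check described in the issue, as an added example that is not part of the original report or of Knox: a shell helper that reads `openssl s_client` output and grades the `Server Temp Key` size against a minimum. The function names, exit codes and sample lines are assumptions made for the illustration; the default minimum of 2048 comes from the issue title.

```shell
#!/bin/sh
# Added example (not Knox code): grade the ephemeral DH key size that
# `openssl s_client` reports in its "Server Temp Key" line.

# Constructed sample inputs; the first matches the line quoted in the issue.
SAMPLE_768='Server Temp Key: DH, 768 bits'
SAMPLE_2048='Server Temp Key: DH, 2048 bits'
SAMPLE_ECDH='Server Temp Key: ECDH, P-256, 256 bits'

# Print the DH temp key size in bits from s_client output on stdin.
# Returns non-zero when no finite-field DH temp key line is present
# (handshake failed, or a non-DHE key exchange was negotiated).
temp_key_bits() {
    sed -n 's/^[[:space:]]*Server Temp Key: DH, \([0-9][0-9]*\) bits.*$/\1/p' |
        head -n 1 | grep .
}

# check_dh_key [MIN_BITS]: 0 = at least MIN_BITS, 1 = weaker, 2 = no DH key seen.
# MIN_BITS defaults to 2048, the default size named in the issue title.
check_dh_key() {
    min=${1:-2048}
    bits=$(temp_key_bits) || {
        echo "UNKNOWN: no DH Server Temp Key line in input"
        return 2
    }
    if [ "$bits" -lt "$min" ]; then
        echo "WEAK: DH temp key is $bits bits, below minimum $min"
        return 1
    fi
    echo "OK: DH temp key is $bits bits (minimum $min)"
}

# Demo on the constructed samples ("|| true" keeps going after a WEAK result).
printf '%s\n' "$SAMPLE_768"  | check_dh_key 1024 || true
printf '%s\n' "$SAMPLE_2048" | check_dh_key || true

# Live use, with HOST:PORT as a placeholder for the gateway under test:
#   openssl s_client -connect HOST:PORT -cipher "EDH" </dev/null 2>/dev/null | check_dh_key
```

The distinct exit code for "no DH key seen" keeps a failed handshake or a non-DHE negotiation from being read as a pass.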

      Attachments

        1. KNOX-566-001.patch
          4 kB
          Larry McCay

          People

            lmccay Larry McCay
            jeffreyr97 Jeffrey E Rodriguez