Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: prevent server from using dhe keys < 768 #3890

Closed
wants to merge 1 commit into from
Closed

tls: prevent server from using dhe keys < 768 #3890

wants to merge 1 commit into from

Commits on Nov 19, 2015

  1. tls: prevent server from using dhe keys < 768 

    As part of the fix for logjam, node was upgraded to a
level of openssl which rejects connections to servers that
are using keys smaller than 768 bits. It is still possible,
however, to create a server that uses a smaller key size
and and older client may be able to connect to it.

This PR moves us to a secure by default stance on the
server side as well, preventing the creation of a server
using a dhe key size less than 768. This can be overridden
with the command line option which is also added.

It is derived from

nodejs@9b35be5

which was landed in later io.js/node versions but makes
the limit 1024.  This PR uses the smaller limit in order
to meet the recomendations for logjam while matching was
was done on the client side in openssl to minimize the
potential impacton users.

The command line option will only be documented in the
release notes and will not be added to the tls
documentation.  The goal is that people who are
upgrading are aware and can use the option if they
run into issues, but otherwise the option is not
visible/used.

Address review comments 1

Address second set of review comments
    @mhdawson
    mhdawson committed Nov 19, 2015
    Configuration menu
    Copy the full SHA
    634c2d4 View commit details
    Browse the repository at this point in the history