Re: [exim] REPOST: Possible TLS weakness in Exim? (to be not…

Author: Ralf G. R. Bergs
Date:  
To: Mark Nipper
CC: exim-users
Subject: Re: [exim] REPOST: Possible TLS weakness in Exim? (to be noticed with Opera and Exim 4.50 from Debian stable)
Mark Nipper wrote:
> On 04 Dec 2006, Ralf G. R. Bergs wrote:
>> <quote>
>> The server selected an encryption method that uses RSA combined with
>> Ephemeral (dynamic) Diffie-Hellman (DHE), a method which uses short-lived
>> (temporary) Diffie-Hellman keys authenticated by a signature from the
>> RSA key.
>>
>> I have seen a couple of servers that use a default DHE length of 512
>> bits or less (I once saw one sending a 256(!) bit key). Such key lengths
>> (<900 bits) are far too short to provide any significant security.
>>
>> I suggest that you check the DHE key-generation configuration of the
>> SMTP server.
>>
>> IMO the length of that key should match the keylength of the
>> certificate, but to get level 3 encryption it must be at least 1024 bits
>> long.
>> </quote>
>
>         I'm certainly no expert on this either, but you can
> change the list of ciphers which exim uses at run-time.  Assuming
> you are using OpenSSL, see:
> ---
> http://www.exim.org/exim-html-4.63/doc/html/spec_html/ch38.html#SECTreqciphssl


Unfortunately I'm not. The Debian version uses GnuTLS.

I've found something in the Exim docs that *might* apply to my problem,
but unfortunately it won't help me because the relevant option isn't yet
implemented:

<quote>
The tls_dhparam option is ignored, because early versions of GnuTLS had
no facility for varying its Diffie-Hellman parameters. I understand that
this has changed, but Exim has not been updated to provide this facility.
</quote>

>         Specifically, the option tls_require_ciphers can be set
> to pretty much any of the options listed at:
> ---
> http://www.openssl.org/docs/apps/ciphers.html

>
>         You might try the "HIGH" option to see if anything
> changes on Opera's side.  Otherwise, you will probably have to be
> more specific and select from the exact cipher suites listed
> below the more generic lists.


That doesn't apply to GnuTLS. For GnuTLS, you can only define the list
of "main cipher" algorithms (I guess that means "symmetric" algorithms)
to be used, which doesn't help me much.

I found mention in the Exim docs to manually generate the
"gnutls-params" file, which I thought might help me.

Unfortunately manually creating the file with the procedure described in
the docs does render the file unreadable with an error message of "TLS
cache read failed". The file format, when created manually, is a
plain-ASCII file (PEM), whereas the file when created automatically by
Exim is a binary file.

As a work-around, I've now manually disabled crypto suites in Opera that
make use of Ephemeral (dynamic) Diffie-Hellman (DHE), and now I don't
receive the error message from Opera anymore.

Thanks for your suggestion, tho.
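The thread turns on two things: the DHE prime the server offers being too short (Opera's warning quotes <900 bits as far too short and asks for at least 1024), and the gnutls-params file, which in its hand-generated form is a plain PEM "DH PARAMETERS" block. The following is an added example, not code from the thread, Exim or GnuTLS. It parses a PEM "DH PARAMETERS" file (the PKCS#3 SEQUENCE { p, g } structure that `openssl dhparam` and `certtool` write) with a small hand-written DER reader and reports the bit length of the prime, so an administrator can verify the parameters they generated before pointing a server at them. The two sample PEM blocks are constructed inside the script from labelled test integers, not real primes; the helper `make_dh_pem`, the threshold name `minimum_bits` and its default of 1024 (taken from the quoted Opera message) are this example's own. It does not read Exim's binary gnutls-params cache format, which the poster notes is different.

```python
import base64
import re

# --- DER helpers (encode side, used only to build constructed sample files) ---

def der_len(n: int) -> bytes:
    """DER length: short form below 0x80, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v: int) -> bytes:
    """DER INTEGER for a non-negative value; a leading 0x00 keeps it positive."""
    body = v.to_bytes((v.bit_length() + 7) // 8, "big") or b"\x00"
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_len(len(body)) + body

def make_dh_pem(p: int, g: int) -> str:
    """Wrap SEQUENCE { INTEGER p, INTEGER g } as a PEM 'DH PARAMETERS' block."""
    seq = der_int(p) + der_int(g)
    der = b"\x30" + der_len(len(seq)) + seq
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines)
            + "\n-----END DH PARAMETERS-----\n")

# --- DER reader (decode side, the part an administrator would actually use) ---

def _read_tlv(buf: bytes, off: int):
    """Read one tag/length/value at `off`; return (tag, value, next offset)."""
    tag = buf[off]
    length = buf[off + 1]
    off += 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length

def parse_dh_pem(text: str):
    """Return (p, g) from a PEM 'DH PARAMETERS' block (PKCS#3 DHParameter)."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    t_p, p_bytes, off = _read_tlv(seq, 0)
    t_g, g_bytes, _ = _read_tlv(seq, off)   # an optional third INTEGER is ignored
    if t_p != 0x02 or t_g != 0x02:
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

def dh_prime_bits(text: str) -> int:
    """Bit length of the DH prime p, which is what the cipher-suite warning is about."""
    return parse_dh_pem(text)[0].bit_length()

def is_acceptable(text: str, minimum_bits: int = 1024) -> bool:
    """True if the prime is at least `minimum_bits` long (1024 per the Opera warning)."""
    return dh_prime_bits(text) >= minimum_bits

# Constructed samples: test integers of known bit length, NOT real primes.
WEAK_PEM = make_dh_pem((1 << 511) | 1, 2)      # 512-bit p, like the servers Opera flags
OK_PEM = make_dh_pem((1 << 1023) | 1, 2)       # 1024-bit p

if __name__ == "__main__":
    for name, pem in (("weak", WEAK_PEM), ("ok", OK_PEM)):
        print(f"{name}: p is {dh_prime_bits(pem)} bits, acceptable={is_acceptable(pem)}")
```

Run it against a real file with `dh_prime_bits(open("dhparams.pem").read())`. The script only measures the size of p; it does not check that p is prime or a safe prime, so pair it with `openssl dhparam -check -in dhparams.pem` before deploying the parameters. The 1024-bit floor is the figure from the quoted warning; current guidance for DHE primes is 2048 bits or more, so raise `minimum_bits` accordingly.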