Phil Pennock wrote:
> On 2012-05-30 at 12:34 +0200, Wolfgang Breyha wrote:
>> RC7 runs smoothly so far. Only "new" stuff in my logs I found is:
>> 2012-05-30 12:07:56 1SZfop-0005Dd-Kw TLS error on connection to
>> service13.mimecast.com [91.220.42.7] (gnutls_handshake): The Diffie-Hellman
>> prime sent by the server is not acceptable (not long enough).
>>
>> Connecting to this host with gnutls-cli offers a VeriSign Cert and
>
> Above that:
> *** Starting TLS handshake
> - Ephemeral Diffie-Hellman parameters
> - Using prime: 768 bits
> - Secret key: 767 bits
> - Peer's public key: 768 bits
>
> I set 1024, which has been the size issued by Exim for a very long time,
> and is very short when considered in light of:
> http://www.keylength.com/en/3/
>
> So 768 is *lower* than:
> Very short-term protection against small organizations
> Should not be used for confidentiality in new systems
> and so falls into the criteria of:
> Attacks in "real-time" by individuals
> Only acceptable for authentication tag size
>
> Thus the size chosen by that site is into the "fooling yourself" level
> of security. If you have contacts with them, you might want to let them
> know that they've got a security misconfiguration.
>
> To unbreak for this release, I will lower the hard-coded minimum from
> 1024 to 512. Eww.
Sorry - I see that cure as worse than the disease.
Potentially FAR worse.
Who is expecting to even need to look at it as part of an upgrade when
the default had not been broken?
> For 4.81, I will switch this limit to be a
> configure-time option, defaulting to 1000 and lowerable to 512. Those
> who want more security can raise the limit.
Bit of a suicide kit, but at least the gun is not handed-over already
loaded.
> I'll make it an expanded
> transport option, so it can be configured per connection and folks
> exchanging data with cooperative systems can raise the minimum.
>
> -Phil
>
That last part DOES add value.
JM2CW from the cheap seats...
Bill
--
韓家標
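Added example, not code from Exim, GnuTLS or anyone in this thread: the check that produced the log line above, written out in Python. A DHE ServerKeyExchange carries dh_p, dh_g and dh_Ys as length-prefixed opaque fields (RFC 5246 section 7.4.3); the client parses them, measures the bit length of p on the integer rather than on the encoded byte count, and compares it against a minimum. The minimum is a per-call parameter, the way Phil's proposed per-transport option would make it, and the 1024 (old hard-coded minimum) and 512 (lowered floor) values come from his message. The sample messages are constructed, with a dh_p that has the right bit length but is not a real safe prime; the reject text reuses the GnuTLS wording quoted in the thread.

```python
import struct

# Wording of the GnuTLS error quoted in the thread, reused as the reject reason.
GNUTLS_REASON = ("The Diffie-Hellman prime sent by the server is not acceptable "
                 "(not long enough).")


def parse_server_dh_params(body):
    """Parse ServerDHParams from the start of a TLS 1.0-1.2 DHE ServerKeyExchange
    body (RFC 5246 section 7.4.3): dh_p, dh_g and dh_Ys, each sent as
    opaque<1..2^16-1>, i.e. a 2-byte big-endian length followed by that many
    bytes. Whatever follows (the signature, for signed DHE suites) is returned raw."""
    fields = {}
    offset = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError("truncated before length of %s" % name)
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError("bad length %d for %s" % (length, name))
        fields[name] = int.from_bytes(body[offset:offset + length], "big")
        offset += length
    fields["trailer"] = body[offset:]
    return fields


def dh_prime_bits(fields):
    """Bit length of the group prime, measured on the integer rather than the
    encoded length: a 768-bit p padded with a leading zero byte is still 768 bits."""
    return fields["dh_p"].bit_length()


def check_dh_prime(body, min_bits):
    """Size policy from the thread: accept the server's group only if p has at
    least min_bits bits. Returns (accepted, reason, bits)."""
    fields = parse_server_dh_params(body)
    bits = dh_prime_bits(fields)
    if bits < min_bits:
        reason = "%s prime=%d bits, minimum=%d" % (GNUTLS_REASON, bits, min_bits)
        return False, reason, bits
    return True, "DH prime is %d bits (minimum %d)" % (bits, min_bits), bits


def encode_server_dh_params(p, g, ys, trailer=b""):
    """Inverse of the parser; used here only to build constructed test messages."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out + trailer


def constructed_params(bits):
    """Constructed sample: a dh_p with exactly `bits` bits. Only the bit length
    matters to the check, so this is NOT a real safe prime; never use it for DH."""
    p = (1 << (bits - 1)) | 0x5A5A5A5A | 1          # top bit set, odd
    g = 2
    ys = (1 << (bits - 2)) | 0x3C3C                 # placeholder peer public key, < p
    return encode_server_dh_params(p, g, ys, trailer=b"\x00" * 8)  # dummy signature


if __name__ == "__main__":
    # The situation in the thread: a 768-bit server prime against the 1024 floor,
    # then against the 512 floor Phil proposed lowering to.
    msg = constructed_params(768)
    for minimum in (1024, 512):
        ok, reason, bits = check_dh_prime(msg, minimum)
        print("min %4d: %s  %s" % (minimum, "accept" if ok else "REJECT", reason))
```

Note that the minimum is enforced on the prime the peer actually sent, so a server that advertises a strong certificate (a VeriSign-issued one, as in the report) but a 768-bit ephemeral group is still rejected; the certificate and the DH group are independent parameters.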