
tls: make server not use DHE in less than 1024 bits to fix against Logjam Attack

DHE key lengths of less than 1024 bits are already weakened, as pointed out in https://weakdh.org/. 1024 bits will not be safe in the near future. We will extend this up to 2048 bits some day later.

What to do about clients? We can obtain the DHE key length via SSL_get_server_tmp_key(), but I think we'd better have a new option to limit the DHE key size, with 1024 bits as the default. Thoughts?

CI results are at https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/697/. It looks fine except for the jenkins, child_process and sync-io-option errors.

R= @bnoordhuis @indutny
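
An added example, not code from this pull request: a Node.js pre-flight check that parses a PEM `DH PARAMETERS` block and rejects a prime shorter than the 1024-bit floor discussed above before the file is handed to a TLS server. The function names and the sample parameters (constructed, not real primes) are assumptions for illustration.

```javascript
const MIN_DH_BITS = 1024; // floor proposed in this pull request
// Read one DER TLV at `off`; returns the tag and the value's byte range.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error('truncated DER');
  let len = buf[off + 1], start = off + 2;
  if (len & 0x80) { // long-form length: low 7 bits = number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error('bad DER length');
    len = buf.readUIntBE(start, n);
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated DER');
  return { tag: buf[off], start, end: start + len };
}

// Bit length of p in DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }
function dhPrimeBits(pem) {
  const m = /-----BEGIN DH PARAMETERS-----([\s\S]*?)-----END DH PARAMETERS-----/.exec(pem);
  if (!m) throw new Error('no DH PARAMETERS block');
  const der = Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
  const seq = readTlv(der, 0);
  if (seq.tag !== 0x30) throw new Error('expected SEQUENCE');
  const p = readTlv(der, seq.start);
  if (p.tag !== 0x02) throw new Error('expected INTEGER');
  let i = p.start;
  while (i < p.end && der[i] === 0) i++; // skip leading zero (sign) bytes
  return i === p.end ? 0 : (p.end - i) * 8 + 24 - Math.clz32(der[i]);
}

function assertDhParamStrength(pem, minBits = MIN_DH_BITS) {
  const bits = dhPrimeBits(pem);
  if (bits < minBits) throw new Error(`DH prime is ${bits} bits, minimum is ${minBits}`);
  return bits;
}

// Constructed sample input: p is `bytes` long with the top bit set (not a real prime), g = 2.
function tlv(tag, val) {
  const n = val.length;
  const len = n < 128 ? [n] : n < 256 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), val]);
}
function samplePem(bytes) {
  const p = Buffer.concat([Buffer.from([0x00, 0xff]), Buffer.alloc(bytes - 1, 0xab)]);
  const der = tlv(0x30, Buffer.concat([tlv(0x02, p), tlv(0x02, Buffer.from([2]))]));
  return `-----BEGIN DH PARAMETERS-----\n${der.toString('base64')}\n-----END DH PARAMETERS-----\n`;
}
for (const b of [64, 128, 256]) {
  try { console.log(assertDhParamStrength(samplePem(b)), 'bits: ok'); } catch (e) { console.log(e.message); }
}
```

Passing `2048` as the second argument to `assertDhParamStrength` applies the stricter limit the description says will come later.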
