OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.1 Legacy Series »
  • Web interface uses 1024-bit DH parameters
« previous next »
  • Print
Pages: [1]

Author Topic: Web interface uses 1024-bit DH parameters  (Read 3718 times)

Towncivilian

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Web interface uses 1024-bit DH parameters
« on: July 02, 2016, 03:38:32 pm »
Here is an excerpt of the output of testssl.sh testing against the web interface of OPNsense 16.1.18-amd64:

Code: [Select]
Testing all 181 locally available ciphers against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.  Encryption Bits     Cipher Suite Name (RFC)
---------------------------------------------------------------------------------------------------------------------------
 xc030   ECDHE-RSA-AES256-GCM-SHA384       ECDH 256   AESGCM    256      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 xc028   ECDHE-RSA-AES256-SHA384           ECDH 256   AES       256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 xc014   ECDHE-RSA-AES256-SHA              ECDH 256   AES       256      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 x9f     DHE-RSA-AES256-GCM-SHA384         DH 1024    AESGCM    256      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 x6b     DHE-RSA-AES256-SHA256             DH 1024    AES       256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 x39     DHE-RSA-AES256-SHA                DH 1024    AES       256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 x88     DHE-RSA-CAMELLIA256-SHA           DH 1024    Camellia  256      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
 x9d     AES256-GCM-SHA384                 RSA        AESGCM    256      TLS_RSA_WITH_AES_256_GCM_SHA384
 x3d     AES256-SHA256                     RSA        AES       256      TLS_RSA_WITH_AES_256_CBC_SHA256
 x35     AES256-SHA                        RSA        AES       256      TLS_RSA_WITH_AES_256_CBC_SHA
 x84     CAMELLIA256-SHA                   RSA        Camellia  256      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 xc02f   ECDHE-RSA-AES128-GCM-SHA256       ECDH 256   AESGCM    128      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 xc027   ECDHE-RSA-AES128-SHA256           ECDH 256   AES       128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 xc013   ECDHE-RSA-AES128-SHA              ECDH 256   AES       128      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 x9e     DHE-RSA-AES128-GCM-SHA256         DH 1024    AESGCM    128      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 x67     DHE-RSA-AES128-SHA256             DH 1024    AES       128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 x33     DHE-RSA-AES128-SHA                DH 1024    AES       128      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 x45     DHE-RSA-CAMELLIA128-SHA           DH 1024    Camellia  128      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
 x9c     AES128-GCM-SHA256                 RSA        AESGCM    128      TLS_RSA_WITH_AES_128_GCM_SHA256
 x3c     AES128-SHA256                     RSA        AES       128      TLS_RSA_WITH_AES_128_CBC_SHA256
 x2f     AES128-SHA                        RSA        AES       128      TLS_RSA_WITH_AES_128_CBC_SHA
 x41     CAMELLIA128-SHA                   RSA        Camellia  128      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 x0a     DES-CBC3-SHA                      RSA        3DES      168      TLS_RSA_WITH_3DES_EDE_CBC_SHA

The 1024-bit DH parameters are generally considered insufficient; see weakdh.org. I feel that 2048-bit DH parameters (at a minimum) should be included out of the box, and ideally would be randomly generated at installation time.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13692
  • Karma: 1176
    • View Profile
Re: Web interface uses 1024-bit DH parameters
« Reply #1 on: July 02, 2016, 04:54:26 pm »
Hi there,

Thanks for the analysis. It looks like the old behaviour of lighttpd is still in place which was pre-1.4.29. Back then, no DH could be selected.

Things have changed since then, namely: https://redmine.lighttpd.net/projects/1/wiki/Docs_SSL#Diffie-Hellman-and-Elliptic-Curve-Diffie-Hellman-parameters

I don't know about generating these on the fly, larger DH can take forever on small hardware.

I will ask Ad to look at this, but I can't promise anything for the initial 16.7 at this point.


Cheers,
Franco
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.1 Legacy Series »
  • Web interface uses 1024-bit DH parameters
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2