Issue #11968 has been reported by Tony Arcieri.

----------------------------------------
Bug #11968: OpenSSL extension only supports weak (512-bit, 1024-bit) Diffie-Hellman groups
https://bugs.ruby-lang.org/issues/11968

* Author: Tony Arcieri
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
The following D-H groups are enabled by default:

https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/pkey.rb

These use 512-bit and 1024-bit primes respectively. These are considered weak in 2015 by all present methods of evaluating D-H group size as a security parameter:

http://www.keylength.com/

Weak D-H groups like this were recently implicated in the Logjam attack:

https://weakdh.org/

512-bit D-H keys in particular can be trivially attacked by commodity hardware. I have put in a PR to the openssl gem to remove the 512-bit group:

https://github.com/ruby/openssl/pull/44

However, the 1024-bit group is weak as well. The recommendation of the Logjam paper authors is to upgrade to a 2048-bit group at the minimum.



-- 
https://bugs.ruby-lang.org/
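
The size thresholds in the report above, applied to a PEM `DH PARAMETERS` file, as an added example that is not part of the original report or of the Ruby openssl code. The names `dh_modulus_bits`, `dh_group_verdict`, `sample_dh_pem` and `MIN_DH_BITS` are hypothetical, and the sample inputs are constructed stand-ins of the right size, not real primes.

```ruby
require "openssl"

# Minimum modulus size recommended by the Logjam authors, per the report above.
MIN_DH_BITS = 2048

PEM_RE = /-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----/m

# Bit length of the prime p in a PEM "DH PARAMETERS" block. The DER body is
# SEQUENCE { INTEGER p, INTEGER g, ... }; it is read with the ASN.1 decoder,
# so no key object is built from the parameters being audited.
def dh_modulus_bits(pem)
  body = pem[PEM_RE, 1] or raise ArgumentError, "no DH PARAMETERS block found"
  seq = OpenSSL::ASN1.decode(body.unpack1("m"))
  p_field = seq.value.first if seq.is_a?(OpenSSL::ASN1::Sequence)
  unless p_field.is_a?(OpenSSL::ASN1::Integer)
    raise ArgumentError, "not a DHParameter SEQUENCE"
  end
  p_field.value.to_i.bit_length
end

# Classify a group using the sizes named in the report: 512-bit groups are
# trivially attackable, anything under 2048 bits is weak.
def dh_group_verdict(pem)
  bits = dh_modulus_bits(pem)
  verdict = if bits <= 512 then :trivially_attackable
            elsif bits < MIN_DH_BITS then :weak
            else :acceptable
            end
  [bits, verdict]
end

# Constructed sample input: a DHParameter structure whose "p" has the requested
# size. The number is NOT a real prime and must never be used as a DH group.
def sample_dh_pem(bits)
  p_stand_in = OpenSSL::BN.new(((1 << (bits - 1)) | 1).to_s)
  der = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(p_stand_in),
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new("2"))
  ]).to_der
  "-----BEGIN DH PARAMETERS-----\n#{[der].pack('m')}-----END DH PARAMETERS-----\n"
end

if __FILE__ == $PROGRAM_NAME
  [512, 1024, 2048].each { |n| p dh_group_verdict(sample_dh_pem(n)) }
end
```

The check covers modulus size only; it does not test that p is a safe prime or that g is a suitable generator.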