Ilari Liusvaara <ilariliusva...@welho.com> writes:

>1) Advertise DHE, accept weak groups. Vulnerable to LOGJAM.

Only if the weak groups you accept are 512 bits.

A bigger question is, why does Chrome think it's up to it to decide whether the device user's choice of key size is appropriate or not? As I mentioned earlier, in many cases 1024-bit keys are not only perfectly fine but more than enough. In fact given the hardness of the DLP they're probably OK in virtually all cases as long as everyone doesn't share the same group2 prime.

The crazy thing is that although Chrome rejects a connection to a PFS, relatively safe (via the DLP's hardness) 1024-bit DHE server, it's perfectly happy connecting to a far less safe (both in terms of factorability and use of pure RSA) 1024-bit RSA server. This is "security" done backwards!

Peter.