Ilari Liusvaara <ilariliusva...@welho.com> writes:

>The Diffie-Hellman support in TLS 1.2 is severely broken. There is no way to
>use it safely on client side. This has led to e.g., all the web browsers to
>remove support for it.

It's actually pretty simple, don't use toy key sizes.  Many implementations
were never vulnerable to Logjam et al because they applied the simple measure
of... not using toy key sizes.

>There is no way to ensure that the parameters sent are not totally broken,
>e.g.:

This requires that the server that you're connecting to is malicious.  If
you're connecting to a malicious server then you've got bigger things to worry
about than what they set g to.

>This has led to e.g., all the web browsers to remove support for it.

Because throwing out the baby with the bathwater and jumping on the next shiny
thing that comes along every time someone points out a problem seems to be a
requirement for crypto protocol implementers.

Peter.


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
