From owner-freebsd-ports@FreeBSD.ORG Wed May 20 22:48:24 2015 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BF192BE7; Wed, 20 May 2015 22:48:24 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9F14511F4; Wed, 20 May 2015 22:48:24 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [12.229.62.2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id C77E515BF6; Wed, 20 May 2015 15:48:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1432162103; x=1432176503; bh=sizwBqxrRS4bvALEogW86zpwALspItBxthuBek5ZBR8=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=3lSbtFXKceyJ4RQWk1GaBEQ2oUQXvg7aqgGdVImzCnoSQrJH3GQkI3fVeOs2vaeuH wldf7COu96DQodI3R4lDk1RX1/lPX8nMlcul1eILJtIR3n9SyesQwm/jFh2mQmZH+E m6PJc3bpbRPAi7cDGBdB7ZWPW3ZhQN2E72JuRIC0= Message-ID: <555D0F37.8040605@delphij.net> Date: Wed, 20 May 2015 15:48:23 -0700 From: Xin Li Reply-To: d@delphij.net Organization: The FreeBSD Project MIME-Version: 1.0 To: "Julian H. Stacey" , "freebsd-security@freebsd.org" CC: ports@freebsd.org Subject: Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ? References: <201505202140.t4KLekE6081029@fire.js.berklix.net> In-Reply-To: <201505202140.t4KLekE6081029@fire.js.berklix.net> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 May 2015 22:48:24 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/20/15 14:40, Julian H. Stacey wrote: > Hi security@freebsd.org Please note that security@freebsd.org = secteam@freebsd.org. Since this is posted to ports@ which is public, I'm assuming it's not intended to be in private. > (& bcc'd a couple of friends) > > Refa: http://www.bbc.com/news/technology-32814309 (posted 5 hours > before Wed May 20 23:01:22 CEST 2015) > http://www.theregister.co.uk/2015/05/20/logjam_impact/ 20 May 2015 > at 16:29 > > Does it affect FreeBSD ? If so, I guess security-officer@ will > already be drafting a notification; If not, might it be good PR > anyway to put out a brief summary / statement on a mail list or web > page ? Well, currently OpenSSL do accept weak DH so _arguably_ it does affect FreeBSD, and it's likely to break existing applications if we enforce such restrictions (namely, Java 6). However, system administrator should always follow best practices, like disabling export grade ciphers, use ECDHE and generate their own DH parameters when they implemented PFS. Recommended for system administrators: 1. Check if any of export grade cipher is enabled (here we used port 443, https as example, and it can be used for other TLS enabled services). This can be checked by doing: openssl s_client -connect www.example.com:443 -cipher 'EXPORT' If the connection was successful, then the server supports export grade cipher should be disabled immediately. 2. Make sure that ECDHE is supported. openssl s_client -connect www.example.com:443 -cipher 'ECDH' And the connection should succeed. 3. Make sure you are using unique DH parameters, and configure it in the server. To generate a 2048-bit DH parameter and save as dhparams.pem: openssl dhparam -out dhparams.pem 2048 The document at https://weakdh.org/sysadmin.html gives additional information for individual daemons, including Apache (mod_ssl), nginx, lighttpd, Tomcat, postfix, sendmail, dovecot and HAProxy. I personally find Qualys SSL Labs' SSL/TLS Deployment Best Practices a good reading, by the way. It can be found at: https://www.ssllabs.com/projects/best-practices/ Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD) iQIcBAEBCgAGBQJVXQ83AAoJEJW2GBstM+nsrWMP/3ewU18rj/imD8s2ATtgWFMD WmmaHgGyjqrVd8RyZBRIvsgPYlS2G0gPL2KP3GoeOeyU2dEkGEhvI4cvvpWoqUFW rpY7AxtXQWOKRxY5PVtpU1siuczJ1Na/ypy28y1Dw0CGTf1Ul8rEzrent0kNsQ7b NXD0hZojAhBiMO0XLb3bJqElviz11yDXPou1X12ZkueStP7DGquN081oLWZ4y8+j 19qSqdwkx8OsNLpnD9IUo5RoY5TvxNG53ZgDoGXwKWda8BnswRpDgSs3H2M/OKya cKO7B9VWtIyJnbH5oVsv3VLi7o1n8weitGg1rWpKewZ1caiG+G1c9SmgAeSG1Egm cuy4HV2btCxqSvLJRwAQ7Jbpc/SVnUTWZNrrI8YP7ug3/tzRTat0RpbdhxF3bqbM hK8Pe2zpK6nIBNFhcoJ+CkhE3fW1IOEthSLBkJPgcb0U7mET0Z8kpWNLeJOuh5yJ 5o3ooLap+UtVlv25nQOODQecuNuvBFr0Mx67S4+jgmtUYqe9nFp1AjmPPvntN1GQ sUzqMB7eAtSsxoQbHHGqF74zKk8BbfgqROUbEvcZ4kOsInN/GZ/iaPMUPu8KtieE /ASdpwpxUfbZtu+Vs5fveWSiWmtiz3k1n7JzCWenXkLYW9KUn40fxv/mh7j76lYs Am30LtLxtiZNw59cn2H6 =KtLx -----END PGP SIGNATURE-----