Date: Thu, 21 May 2015 06:31:52 -0800
From: Royce Williams <royce@tycho.org>
To: Mark Felder <feld@freebsd.org>
Cc: FreeBSD Mailing List <freebsd-ports@freebsd.org>
Subject: Re: LogJam exploit can force TLS down to 512 bytes, does it affect us? ?
Message-ID: <CA%2BE3k91Vc3VOj2%2B8y-0sTqzYc=FX1%2Bm0RU_rDQDMuPvVuK-0mA@mail.gmail.com>
In-Reply-To: <1432218119.630206.274805281.0C31484D@webmail.messagingengine.com>
References: <201505202140.t4KLekE6081029@fire.js.berklix.net> <555D0F37.8040605@delphij.net> <1432218119.630206.274805281.0C31484D@webmail.messagingengine.com>

On Thu, May 21, 2015 at 6:21 AM, Mark Felder <feld@freebsd.org> wrote:
>
>
> On Wed, May 20, 2015, at 17:48, Xin Li wrote:
> >
> > Well, currently OpenSSL does accept weak DH so _arguably_ it does affect
> > FreeBSD, and it's likely to break existing applications if we enforce
> > such restrictions (namely, Java 6).
> >
>
> AFAIK, Java doesn't support >1024 DH key until Java 8.

According to the simulated handshakes in the Qualys SSL Labs test
results, Java 7 is OK with DH at 2048.

Royce