Commit
tls: make server not use DHE in less than 1024bits
DHE key lengths of less than 1024 bits are already weakened, as pointed out in
https://weakdh.org/. 1024 bits will not be safe in the near future. We
will extend this up to 2048 bits some day later.

PR-URL: nodejs/node#1739
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Shigeki Ohtsu authored and andrewdeandrade committed Jun 3, 2015
1 parent 24b2096 commit 5e8380e
Showing 3 changed files with 16 additions and 6 deletions.
6 changes: 4 additions & 2 deletions doc/api/tls.markdown
Expand Up @@ -183,8 +183,10 @@ automatically set as a listener for the [secureConnection][] event. The

- `dhparam`: A string or `Buffer` containing Diffie Hellman parameters,
required for Perfect Forward Secrecy. Use `openssl dhparam` to create it.
If omitted or invalid, it is silently discarded and DHE ciphers won't be
available.
Its key length should be greater than or equal to 1024 bits, otherwise
it throws an error. It is strongly recommended to use 2048 bits or
more for stronger security. If omitted or invalid, it is silently
discarded and DHE ciphers won't be available.

- `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not
finish in this many milliseconds. The default is 120 seconds.
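
Review bot: the new `dhparam` text documents the error for parameters under 1024 bits but not the warning for sizes from 1024 up to 2048 bits that the src/node_crypto.cc change in this commit prints to stderr; the doc should mention it. The paragraph also says a too-short parameter "throws an error" while an "invalid" one is "silently discarded", so it should state that "invalid" means a value that cannot be parsed, to make clear the two cases behave differently. Since a shorter value is rejected, "must be greater than or equal to 1024 bits" reads more accurately than "should be".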
6 changes: 6 additions & 0 deletions src/node_crypto.cc
Expand Up @@ -757,6 +757,12 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
if (dh == nullptr)
return;

const int keylen = BN_num_bits(dh->p);
if (keylen < 1024)
return env->ThrowError("DH parameter is less than 1024 bits");
else if (keylen < 2048)
fprintf(stderr, "WARNING: DH parameter is less than 2048 bits\n");

SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);
int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh);
DH_free(dh);
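
Review bot: the `keylen < 1024` branch returns through `env->ThrowError(...)` without releasing `dh`, while the normal path calls `DH_free(dh)` after `SSL_CTX_set_tmp_dh`, so every rejected parameter leaks the DH object. Call `DH_free(dh)` before throwing. Separately, the 2048-bit warning goes straight to stderr via `fprintf`, which an application cannot capture or suppress; a comment saying that this is intended would help.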
10 changes: 6 additions & 4 deletions test/parallel/test-tls-dhe.js
Expand Up @@ -62,8 +62,9 @@ function test(keylen, expectedCipher, cb) {
}

function test512() {
test(512, 'DHE-RSA-AES128-SHA256', test1024);
ntests++;
assert.throws(function() {
test(512, 'DHE-RSA-AES128-SHA256', null);
}, /DH parameter is less than 1024 bits/);
}

function test1024() {
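
Review bot: in `test512`, the `assert.throws` callback still hands `test()` an expected cipher ('DHE-RSA-AES128-SHA256') and a `null` callback, neither of which can be used once the call is expected to throw. Add a short comment that the error is expected synchronously when the 512-bit parameter is set, so a reader does not take the cipher argument for something the test checks.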
Expand All @@ -77,12 +78,13 @@ function test2048() {
}

function testError() {
test('error', 'ECDHE-RSA-AES128-SHA256', null);
test('error', 'ECDHE-RSA-AES128-SHA256', test512);
ntests++;
}

test512();
test1024();

process.on('exit', function() {
assert.equal(ntests, nsuccess);
assert.equal(ntests, 3);
});
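
Review bot: the `testError` that passes `test512` as its callback is the only path to the 512-bit case, and the `assert.throws` version of `test512` does not touch `ntests`, so both exit checks (`ntests` equal to `nsuccess`, `ntests` equal to 3) hold whether or not the rejection case ever runs. If the callback from the 'error' case is never invoked, the 1024-bit minimum goes untested without failing the file. Suggest setting a flag inside `test512` and asserting it in the `exit` handler.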