[gnutls-help] --bits should not arbitrarily prohibit me from creating small dh params

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Sep 29 21:32:23 CEST 2013


On 09/27/2013 02:56 AM, Micah Anderson wrote:

> Hello, I would prefer to use certtool over openssl in order to 
> generate the DH parameter files that I need for my postfix MTA 
> installations, unfortunately it seems as if certtool is not letting 
> me create smaller bit sizes. Postfix currently accepts two possible 
> settings:
> 
> http://www.postfix.org/postconf.5.html#smtpd_tls_dh512_param_file 
> http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file it
> seems I cannot generate the dh512 param file with certtool:

Hello Micah,
 Indeed it doesn't work. It requires some changes in the DH generation
code, but there is not much incentive to do that. A 512-bit DH group is
pretty much toy encryption.

There is a nice story about breaking RSA with 512-bits (while it is not
the same problem as DH the security level/effort required is equivalent)
http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/

Even 1024-bit DH is quite weak for today's standards. See keylength.com
for acceptable sizes.

> I believe that this is a too small bit size, but in a MTA world, I 
> need to be able to gracefully accept smaller bit sizes if a client 
> only can do those. If I do not configure the 512bit file, that means
>  is if someone connects to my MTA who is only offering 512bits of DH,
>  then I would refuse to talk to them and we'd just do it in the 
> clear... that is not a good situation. Postfix will use the better 
> parameters when peers can accept them, but I need to still be able
> to work with peers that cannot accept the reasonable parameters.

Not really. The server is the one who is proposing the DH parameters so
you shouldn't have any issues. Would you mind to elaborate on the issues
you had? I'm quite interested.

regards,
Nikos




More information about the Gnutls-help mailing list