From: Matthew Seaman
Date: Thu, 21 May 2015 09:33:42 +0100
To: freebsd-security@freebsd.org
CC: freebsd-ports@freebsd.org
Subject: Re: LogJam exploit can force TLS down to 512 bytes, does it affect us?
Message-ID: <555D9866.7030507@freebsd.org>
In-Reply-To: <555D0F37.8040605@delphij.net>
References: <201505202140.t4KLekE6081029@fire.js.berklix.net> <555D0F37.8040605@delphij.net>

On 05/20/15 23:48, Xin Li wrote:
> The document at https://weakdh.org/sysadmin.html gives additional
> information for individual daemons, including Apache (mod_ssl), nginx,
> lighttpd, Tomcat, postfix, sendmail, dovecot and HAProxy.

The part of that https://weakdh.org/ site that concerns me most is the statement about 25.7% of SSH servers being vulnerable if the 1024-bit D-H group is broken. We've got pretty good instructions for hardening anything that uses TLS against this attack, but not a lot on SSH.

About the only relevant thing I've found is:

http://blog.mro.name/2015/05/hardening-ssh-debian-wheezy/

which inter alia suggests upgrading to OpenSSH-6.6 -- which has been in FreeBSD-10 since March -- modifying some config parameters (KexAlgorithms, Ciphers, MACs) and then regenerating ed25519 and rsa host keys.

Err... what? How are ed25519 and rsa host keys affected by a downgrade attack on Diffie-Hellman?
Cheers,

Matthew
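The post asks how to harden SSH rather than TLS against the 1024-bit group break; the two checks below are an added example (not from this thread, the linked blog, or OpenSSH itself) that audits an sshd_config KexAlgorithms line for the DH methods that can end up on a 1024-bit group and filters an OpenSSH moduli file down to 2048-bit and larger groups. It assumes OpenSSH's sshd_config keyword syntax and its seven-column moduli format, where the fifth column is the group size in bits minus one; the input files are constructed.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread or from OpenSSH.
# Defensive checks for the SSH side of Logjam: audit KexAlgorithms for
# methods that can negotiate a 1024-bit DH group, and drop small groups
# from a moduli file so group-exchange methods cannot hand one out.
# Assumed formats: sshd_config keywords, and the moduli file whose 5th
# column is the group size in bits minus one (2047 = a 2048-bit group).

# Print KexAlgorithms entries that use the fixed 1024-bit group (group1)
# or SHA-1 group exchange, which lets a client request a 1024-bit group.
# Exit status 1 when such a method is enabled, 0 when the line is clean.
weak_kex() {
    found=$(awk 'tolower($1) == "kexalgorithms" { print $2 }' "$1" \
        | tr ',' '\n' \
        | grep -E '^diffie-hellman-(group1-sha1|group-exchange-sha1)$' || true)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Keep comments and only moduli whose size field exceeds 2000, i.e. drop
# the 1023 (1024-bit) and 1535 (1536-bit) groups but keep 2047 and above.
filter_moduli() {
    awk '/^#/ || $5 > 2000' "$1"
}

# Constructed sample inputs (not real host data); the modulus column is a
# placeholder, not a real prime.
work=$(mktemp -d)
cat > "$work/sshd_config" <<'EOF'
Port 22
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
EOF
cat > "$work/moduli" <<'EOF'
# Time Type Tests Tries Size Generator Modulus (placeholder values)
20150521083416 2 6 100 1023 2 ffffffffffffffffc90fdaa2
20150521083416 2 6 100 1535 2 ffffffffffffffffc90fdaa2
20150521083416 2 6 100 2047 2 ffffffffffffffffc90fdaa2
20150521083416 2 6 100 4095 5 ffffffffffffffffc90fdaa2
EOF

weak_kex "$work/sshd_config" || echo "weak key exchange configured"
filter_moduli "$work/moduli" > "$work/moduli.filtered"
```

On a real host the filtered file replaces /etc/ssh/moduli (after a backup), and the KexAlgorithms line is rewritten without the flagged methods before sshd is restarted.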