daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: make server not use DHE in less than 1024bits 

DHE key lengths less than 1024bits is already weaken as pointed out in
https://weakdh.org/ . 1024bits will not be safe in near future. We
will extend this up to 2048bits somedays later.

PR-URL: https://github.com/nodejs/io.js/pull/1739
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
pull/1749/head
Shigeki Ohtsu 2015-05-20 14:20:26 +09:00
parent f0a8bc3f84
commit 9b35be5810
3 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/api/tls.markdown
View File

@ -183,8 +183,10 @@ automatically set as a listener for the [secureConnection][] event. The
- `dhparam`: A string or `Buffer` containing Diffie Hellman parameters, - `dhparam`: A string or `Buffer` containing Diffie Hellman parameters,
required for Perfect Forward Secrecy. Use `openssl dhparam` to create it. required for Perfect Forward Secrecy. Use `openssl dhparam` to create it.
If omitted or invalid, it is silently discarded and DHE ciphers won't be Its key length should be greater than or equal to 1024 bits, otherwise
available. it throws an error. It is strongly recommended to use 2048 bits or
more for stronger security. If omitted or invalid, it is silently
discarded and DHE ciphers won't be available.
- `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not - `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not
finish in this many milliseconds. The default is 120 seconds. finish in this many milliseconds. The default is 120 seconds.

6
src/node_crypto.cc
View File

@ -757,6 +757,12 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
if (dh == nullptr) if (dh == nullptr)
return; return;
const int keylen = BN_num_bits(dh->p);
if (keylen < 1024)
return env->ThrowError("DH parameter is less than 1024 bits");
else if (keylen < 2048)
fprintf(stderr, "WARNING: DH parameter is less than 2048 bits\n");
SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE); SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);
int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh); int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh);
DH_free(dh); DH_free(dh);

10
test/parallel/test-tls-dhe.js
View File

@ -62,8 +62,9 @@ function test(keylen, expectedCipher, cb) {
} }
function test512() { function test512() {
test(512, 'DHE-RSA-AES128-SHA256', test1024); assert.throws(function() {
ntests++; test(512, 'DHE-RSA-AES128-SHA256', null);
}, /DH parameter is less than 1024 bits/);
} }
function test1024() { function test1024() {
@ -77,12 +78,13 @@ function test2048() {
} }
function testError() { function testError() {
test('error', 'ECDHE-RSA-AES128-SHA256', null); test('error', 'ECDHE-RSA-AES128-SHA256', test512);
ntests++; ntests++;
} }
test512(); test1024();
process.on('exit', function() { process.on('exit', function() {
assert.equal(ntests, nsuccess); assert.equal(ntests, nsuccess);
assert.equal(ntests, 3);
}); });