diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index 657f690343ff03..a00b27dab91c94 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -183,8 +183,10 @@ automatically set as a listener for the [secureConnection][] event. The - `dhparam`: A string or `Buffer` containing Diffie Hellman parameters, required for Perfect Forward Secrecy. Use `openssl dhparam` to create it. - If omitted or invalid, it is silently discarded and DHE ciphers won't be - available. + Its key length should be greater than or equal to 1024 bits, otherwise + it throws an error. It is strongly recommended to use 2048 bits or + more for stronger security. If omitted or invalid, it is silently + discarded and DHE ciphers won't be available. - `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not finish in this many milliseconds. The default is 120 seconds. diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 03dc7d61807d58..e2c478a510be84 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -757,6 +757,12 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo& args) { if (dh == nullptr) return; + const int keylen = BN_num_bits(dh->p); + if (keylen < 1024) + return env->ThrowError("DH parameter is less than 1024 bits"); + else if (keylen < 2048) + fprintf(stderr, "WARNING: DH parameter is less than 2048 bits\n"); + SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE); int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh); DH_free(dh); diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js index 5c9eb87b2e2935..92fff3f221b65f 100644 --- a/test/parallel/test-tls-dhe.js +++ b/test/parallel/test-tls-dhe.js @@ -62,8 +62,9 @@ function test(keylen, expectedCipher, cb) { } function test512() { - test(512, 'DHE-RSA-AES128-SHA256', test1024); - ntests++; + assert.throws(function() { + test(512, 'DHE-RSA-AES128-SHA256', null); + }, /DH parameter is less than 1024 bits/); } function test1024() { @@ -77,12 +78,13 @@ function test2048() { } function testError() { - test('error', 'ECDHE-RSA-AES128-SHA256', null); + test('error', 'ECDHE-RSA-AES128-SHA256', test512); ntests++; } -test512(); +test1024(); process.on('exit', function() { assert.equal(ntests, nsuccess); + assert.equal(ntests, 3); });