diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
index 38649b55085313..52258a548b7ba6 100644
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -160,8 +160,10 @@ automatically set as a listener for the [secureConnection][] event. The
 - `dhparam`: A string or `Buffer` containing Diffie Hellman parameters, required for Perfect Forward Secrecy. Use `openssl dhparam` to create it.
- If omitted or invalid, it is silently discarded and DHE ciphers won't be
- available.
+ Its key length should be greater than or equal to 1024 bits, otherwise
+ it throws an error. It is strongly recommended to use 2048 bits or
+ more for stronger security. If omitted or invalid, it is silently
+ discarded and DHE ciphers won't be available.
 - `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not finish in this many milliseconds. The default is 120 seconds.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 1d112001e88a0b..797ff09e0b2408 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -754,6 +754,12 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo& args) {
 if (dh == nullptr)
 return;
+ const int keylen = BN_num_bits(dh->p);
+ if (keylen < 1024)
+ return env->ThrowError("DH parameter is less than 1024 bits");
+ else if (keylen < 2048)
+ fprintf(stderr, "WARNING: DH parameter is less than 2048 bits\n");
+
 SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);
 int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh);
 DH_free(dh);
diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js
index eb59c84957b52d..86db89b6b28edf 100644
--- a/test/parallel/test-tls-dhe.js
+++ b/test/parallel/test-tls-dhe.js
@@ -61,8 +61,9 @@ function test(keylen, expectedCipher, cb) {
 }
 function test512() {
- test(512, 'DHE-RSA-AES128-SHA256', test1024);
- ntests++;
+ assert.throws(function() {
+ test(512, 'DHE-RSA-AES128-SHA256', null);
+ }, /DH parameter is less than 1024 bits/);
 }
 function test1024() {
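Review bot: In SecureContext::SetDHParam the new `keylen < 1024` branch returns through `env->ThrowError(...)` without releasing `dh`, whereas the existing path calls `DH_free(dh)` after `SSL_CTX_set_tmp_dh`, so every rejected parameter set appears to leak the DH structure. Free it before throwing: `if (keylen < 1024) { DH_free(dh); return env->ThrowError("DH parameter is less than 1024 bits"); }`. The function starts and ends outside the hunk, so where `dh` is allocated is not visible here and should be confirmed. The sub-2048-bit warning is written straight to stderr with `fprintf`, which callers cannot intercept or test for; if that is deliberate it deserves a short comment saying so.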
@@ -76,12 +77,13 @@ function test2048() {
 }
 function testError() {
- test('error', 'ECDHE-RSA-AES128-SHA256', null);
+ test('error', 'ECDHE-RSA-AES128-SHA256', test512);
 ntests++;
 }
-test512();
+test1024();
 process.on('exit', function() {
 assert.equal(ntests, nsuccess);
+ assert.equal(ntests, 3);
 });
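Review bot: The exit handler's `assert.equal(ntests, 3)` accounts only for test1024, test2048 and testError, so nothing records that test512 actually ran. test512, rewritten in the previous hunk, no longer touches `ntests` and is now reached only as testError's callback. If that callback were ever skipped, the 512-bit rejection this commit introduces would go unchecked while the test still passed. Consider setting a flag in test512 once `assert.throws` returns, e.g. `rejected512 = true;`, and checking it in the exit handler with `assert(rejected512);`. The body of test() lies outside both hunks, so how `cb` is invoked is inferred from the call sites.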