From e9e7ccf8f7b359c2984d23863944288008b71d61 Mon Sep 17 00:00:00 2001
From: Shigeki Ohtsu
Date: Wed, 20 May 2015 14:20:26 +0900
Subject: [PATCH] tls: make server not use DHE in less than 1024bits
DHE key lengths less than 1024bits is already weaken as pointed out in https://weakdh.org/ . 1024bits will not be safe in near future. We will extend this up to 2048bits somedays later.
---
 doc/api/tls.markdown | 5 +++--
 src/node_crypto.cc | 4 ++++
 test/parallel/test-tls-dhe.js | 7 +++++--
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown
index 657f690343ff03..b108c6edf2657c 100644
--- a/doc/api/tls.markdown
+++ b/doc/api/tls.markdown
@@ -183,8 +183,9 @@ automatically set as a listener for the [secureConnection][] event. The
 - `dhparam`: A string or `Buffer` containing Diffie Hellman parameters, required for Perfect Forward Secrecy. Use `openssl dhparam` to create it.
- If omitted or invalid, it is silently discarded and DHE ciphers won't be
- available.
+ Its key length should be greater than or equal to 1024bits, otherwise
+ it throws an error. If omitted or invalid, it is silently discarded and
+ DHE ciphers won't be available.
 - `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not finish in this many milliseconds. The default is 120 seconds.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 03dc7d61807d58..6502a4ccfda302 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -757,6 +757,10 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo& args) {
 if (dh == nullptr) return;
+ if (BN_num_bits(dh->p) < 1024) {
+ return env->ThrowError("DH parameter is less than 1024bits");
+ }
+
 SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);
 int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh);
 DH_free(dh);
diff --git a/test/parallel/test-tls-dhe.js b/test/parallel/test-tls-dhe.js
index 5c9eb87b2e2935..4a208356f0dc40 100644
--- a/test/parallel/test-tls-dhe.js
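Review bot: The new early return in `SetDHParam` leaks `dh`: when `BN_num_bits(dh->p) < 1024` the function throws and returns before reaching the `DH_free(dh)` that follows `SSL_CTX_set_tmp_dh`, so each rejected parameter set stays allocated. Release it on the rejection path by adding `DH_free(dh);` immediately before `return env->ThrowError("DH parameter is less than 1024bits");`. The allocation of `dh` and the rest of the function lie outside the hunk, so confirm that nothing else owns or frees it. Since the floor is a bare literal, a short comment such as `// Reject DH groups below 1024 bits (see weakdh.org); planned to rise to 2048.` would record why the value was chosen and that it is meant to change.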
+++ b/test/parallel/test-tls-dhe.js
@@ -62,8 +62,11 @@ function test(keylen, expectedCipher, cb) {
 }
 function test512() {
- test(512, 'DHE-RSA-AES128-SHA256', test1024);
- ntests++;
+ assert.throws(function() {
+ test(512, 'DHE-RSA-AES128-SHA256', test1024);
+ },
+ /DH parameter is less than 1024bits/
+ );
 }
 function test1024() {
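Review bot: `test1024` is still passed as the callback inside `assert.throws`, but if `test()` throws for the 512-bit parameters as the assertion expects, that callback is presumably never invoked. If the file starts its chain by calling `test512()` (not visible in this hunk), the 1024-bit and later cases would silently stop running, and any check that compares `ntests` with a success count would pass vacuously. Consider passing `null` as the callback and calling `test1024();` right after the `assert.throws(...)` call, so that the accepted key sizes are still exercised. The body of `test()` and the code that starts the chain are outside the hunk.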