Improve generation speed of Diffie-Hellman parameters for SSL
Open, Needs TriagePublic

Description

Research if generation speed of Diffie-Hellman parameters for SSL can be improved w/o compromising on security.

Idea: adding -dsaparam to openssl

If this option is used, DSA rather than DH parameters are read or created; they are converted to DH format. Otherwise, "strong" primes (such that (p-1)/2 is also prime) will be used for DH parameter generation. DH parameter generation with the -dsaparam option is much faster, and the recommended exponent length is shorter, which makes DH key exchange more efficient. Beware that with such DSA-style DH parameters, a fresh DH key should be created for each use to avoid small-subgroup attacks that may be possible otherwise.

Background: The currently used /usr/bin/openssl dhparam -out /etc/ssl/private/dhparams.pem 4096 takes its fine time, especially running on VMs, which is a hindrance in setting up new dev/test machines with playbooks containing this step.

Reads:

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMon, May 15, 10:59 AM

@gabriel-wmde sagt: "sieht gut aus, das machen wir.".
@kai.nissen?

Sounds reasonable. I'm not a cryptology expert, though.

So we have about 3 * 0.5... Who is the cryptology expert to green-light this?

What is the motivation behind this task? Presumably _something_ is being slower than what we'd like?

@JeroenDeDauw The motivation is indeed the time it takes to generate the Diffie-Hellman Ephemeral. Adding -dsaparam (i.e. DSA converted to DH format) speeds up this process enormously. Research suggests, that it's common practice to do so - but not answering the question if it's wise.

Pablo-WMDE updated the task description. (Show Details)Tue, May 16, 7:27 AM
Pablo-WMDE updated the task description. (Show Details)Tue, May 16, 7:36 AM
Pablo-WMDE updated the task description. (Show Details)Tue, May 16, 7:38 AM
Pablo-WMDE updated the task description. (Show Details)Wed, May 17, 8:46 AM
Pablo-WMDE updated the task description. (Show Details)Wed, May 17, 8:51 AM
kai.nissen added a comment.EditedWed, May 17, 9:46 AM

@Pablo-WMDE mentioned that this is being sent to clients for key exchange anyway. We should generate the parameter once without the option -dsaparam and check it into our repository.

https://security.stackexchange.com/a/94397