Project

General

Profile

Actions

Feature #28605

closed

Security weakness : Diffie-Hellman key

Added by L'Orphelin Cyril over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Service
Target version:
-
Start date:
02/22/2018
Due date:
% Done:

0%

Estimated time:

Description

Improve the security of Lavoisier for Diffie-Hellman (DH) key exchange parameters .

Diffie-Hellman key exchange is a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS.

If you have a web or mail server, you should disable support for export cipher suites and use a 2048-bit Diffie-Hellman group.

Actions #1

Updated by Schwarz Lionel over 3 years ago

  • Category set to Service
  • Status changed from In progress to Resolved
  • Assigned To set to Schwarz Lionel

Il faut ajouter dans lavoisier-service.properties:

jdk.tls.ephemeralDHKeySize=2048

cf https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#customizing_dh_keys

Actions

Also available in: Atom PDF