(It's not at all experimental anymore. It should be noted though what is problematic) |
(typos / wrong links) |
||
Line 270: | Line 270: | ||
== Pre-defined DHE groups == | == Pre-defined DHE groups == | ||
In order to lower the burden of system administrators, several servers provide pre-computed DH groups. Unfortunately, the | In order to lower the burden of system administrators, several servers provide pre-computed DH groups. Unfortunately, the [https://weakdh.org/ logjam] report showed that it is very likely that a state-level adversary may have broken the most widely used 1024-bit DH group, Oakley group 2, standardized in [https://tools.ietf.org/html/rfc2409#section-6.2 rfc2409]. | ||
For this reason, the use of this group is considered unsafe and you should either: | For this reason, the use of this group is considered unsafe and you should either: | ||
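Review bot: In the revised sentence under "Pre-defined DHE groups", the wording "it is very likely that a state-level adversary may have broken" stacks two hedges ("very likely" and "may have"), so the strength of the claim is unclear. Keep one of them, for example "showed that a state-level adversary may have broken the most widely used 1024-bit DH group". The link label "rfc2409" would also read better as "RFC 2409".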
Line 278: | Line 278: | ||
It is currently assumed that standardized 2048 bits DH groups provide sufficient security to resist factorization attacks. However, the careful administrator should generate a random DH group instead of using a | It is currently assumed that standardized 2048 bits DH groups provide sufficient security to resist factorization attacks. However, the careful administrator should generate a random DH group instead of using a | ||
standardized one when setting up a new server, as advised by the | standardized one when setting up a new server, as advised by the [https://weakdh.org logjam] authors. | ||
== DHE and ECDHE support == | == DHE and ECDHE support == |
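Review bot: The unchanged first line of this hunk says standardized 2048-bit DH groups "resist factorization attacks", but a DH group is attacked by computing discrete logarithms, not by factoring. Since this revision already touches the paragraph, change it to "discrete logarithm attacks". The logjam link added here is written "https://weakdh.org" while the one added at line 270 is "https://weakdh.org/", so use the same form in both places. "2048 bits DH groups" should read "2048-bit DH groups".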