
Security/Server Side TLS

4 bytes added, 18:59, 19 June 2015
Undo revision 1080938 by Dirkw (talk)
== Pre-defined DHE groups ==
To reduce the burden on system administrators, several servers provide pre-computed DH groups. Unfortunately, the [[ |logjam]] report showed that it is very likely that a state-level adversary has broken the most widely used 1024-bit DH group, Oakley group 2, standardized in [[ |rfc2409]].
For this reason, the use of this group is considered unsafe and you should either:
It is currently assumed that standardized 2048-bit DH groups provide sufficient security to resist factorization attacks. However, the careful administrator should generate a random DH group instead of using a standardized one when setting up a new server, as advised by the [[ |logjam]] authors.
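The following check is an added example, not part of the wiki page or of any Mozilla tooling: it reads a server's `DH PARAMETERS` PEM file and flags the two conditions named above, the Oakley group 2 prime and any prime shorter than 2048 bits. The function names and the `sample_pem` helper that builds constructed input are assumptions made for illustration.

```python
import base64

# Oakley group 2 prime: the 1024-bit MODP group standardized in RFC 2409.
OAKLEY_GROUP_2 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)

def _read_tlv(buf, pos=0):
    """Return (tag, value) of the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the size of the length field
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]

def dh_prime_from_pem(pem):
    """Extract the prime p from a PKCS#3 'DH PARAMETERS' PEM block."""
    body = pem.split("-----BEGIN DH PARAMETERS-----")[1].split("-----END")[0]
    seq_tag, seq = _read_tlv(base64.b64decode(body))
    int_tag, p = _read_tlv(seq)
    if (seq_tag, int_tag) != (0x30, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p, "big")

def audit_dh_params(pem, min_bits=2048):
    """Return findings for a dhparam file; an empty list means none."""
    p, findings = dh_prime_from_pem(pem), []
    if p == OAKLEY_GROUP_2:
        findings.append("prime is Oakley group 2 (RFC 2409)")
    if p.bit_length() < min_bits:
        findings.append(f"prime is {p.bit_length()} bits, below {min_bits}")
    return findings

def _tlv(tag, val):
    size = (len(val).bit_length() + 7) // 8
    hdr = bytes([len(val)]) if len(val) < 0x80 else bytes([0x80 | size]) + len(val).to_bytes(size, "big")
    return bytes([tag]) + hdr + val

def sample_pem(p, g=2):
    """Build a DH PARAMETERS PEM for (p, g): constructed input, not a real server file."""
    ints = b"".join(_tlv(2, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in (p, g))
    b64 = base64.encodebytes(_tlv(0x30, ints)).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    print(audit_dh_params(sample_pem(OAKLEY_GROUP_2)))
```

An empty result only means neither condition was found; it does not show whether a 2048-bit prime is a standardized group or a randomly generated one.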
== DHE and ECDHE support ==
