Skip to content

DHE-PSK-* ciphersuites fail when SECLEVEL requires key sizes above 1024 #15808

New issue
New issue
Closed
Closed
DHE-PSK-* ciphersuites fail when SECLEVEL requires key sizes above 1024#15808
Labels
branch: 1.1.1Applies to OpenSSL_1_1_1-stable branch (EOL)branch: masterApplies to master branchtriaged: bugThe issue/pr is/fixes a bug
Milestone
3.0.0
@tomato42

Description

@tomato42
tomato42
opened on Jun 17, 2021

When I try to establish a connection with TLS 1.2 and one of the DHE-PSK-* ciphers, the server aborts it with the message:

4087A703F27F0000:error:0A00018A:SSL routines:tls_construct_server_key_exchange:dh key too small:ssl/statem/statem_srvr.c:2484:

That's because it loads 1024 bit DH parameters by default.

At the very least, I think the default parameters should be increased to 2048 bit.
I'm not sure if the server should query the minimal key size to select DH parameters so that it continues to work in the future...

Using master f772086

Reproducer:

openssl s_server  -cipher @SECLEVEL=2:DHE-PSK-AES128-CCM -nocert -psk 0102030405 -www

and on separate console:

openssl s_client -connect localhost:4433 -cipher DHE-PSK-AES128-CCM  -psk 0102030405 -no_tls1_3

Metadata

Metadata

Assignees

No one assigned

    Labels

    branch: 1.1.1Applies to OpenSSL_1_1_1-stable branch (EOL)branch: masterApplies to master branchtriaged: bugThe issue/pr is/fixes a bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions