On May 19, 2015 10:46 PM, <zlb...@gmail.com> wrote:
>
> I suggest a 768-bit minimum for now, because of Java. As a side note, the latest IcedTea 6/7 release allow 1024-bit DHE but it is not enabled by default.
We are aware, but as Adam said in original message:
"Although this will cause problems for some sites, today’s work shows that we shouldn’t be treating such sites as secure anyway."
"The 1024-bit minimum isn’t sufficient for the long-term."
Ultimately, even 1024-bit is questionable in the face of nation-state adversaries, as demonstrated by the paper and related research. However, it is the minimum most browsers are moving to in the short-term.
Ultimately, if you run one if these Java 6/7 servers, your users are at an unacceptably high security risk, and it would be misleading to suggest to users that things are OK.
Please would I be guided to do away with this error in our machines? Server has a weak ephemeral Diffie-Hellman public key
This is amazing, but Chrome still supports weak DH subgroups:
https://dh-small-subgroup.badssl.com/
To unsubscribe from this group and stop receiving emails from it, send an email to security-dev...@chromium.org.
Chrome 45 (currently in beta) deprecates it. Soon, it will not be supported
On Tue, Jul 28, 2015 at 6:42 PM, <kocma...@gmail.com> wrote:This is amazing, but Chrome still supports weak DH subgroups:
https://dh-small-subgroup.badssl.com/