Hello,
Firstly, sorry for the email sent by mistake earlier.
I have an inquiry regarding Chrome's handling of the Logjam attack and a possible improvement.
While playing around with some servers with short DH keys (poor configuration, not malicious), I saw both FF and Chrome fail the connection with an error similar to "ssl_error_weak_server_ephemeral_dh_key", just as expected. However, if I disabled DHE-based ciphers, the server simply upgraded to a more secure TLS cipher and everything worked out fine.
My question is: would there be any security risk with renegotiating TLS ciphers if the browser encounters a weak DH key? The implementation in mind is that if FF/Chrome receive such a weak key, they would restart the connection, only avoiding options like "dhe_rsa_aes_128_sha" and "dhe_rsa_aes_256_sha". I imagine this would significantly improve usability.
--
poly
@0xPoly
http://darkdepths.net/pages/public-keys.html