Hi Folks,
As suggested in the remediation steps, I'm generating a custom DH TLS key and setting it using the dh-file config option. However, it doesn't look like the key is being used by Coturn when compiled against OpenSSL 1.1.1k vs OpenSSL 3.0.14.
With OpenSSL 3.0.14, I can see the custom key is honored using openssl:
openssl s_client -cipher 'DHE' -tls1_2 -msg -connect localhost:443
In the openssl output, I can see the custom prime under the ServerKeyExchange section. I can compare the prime with the output of openssl dhparam -in custom_dh.key -noout -text and confirm that they do in fact match.
However, with OpenSSL 1.1.1k, the prime number displayed in the output matches a "hard-coded" prime (as defined in RFC 3526). That is:
openssl s_client -cipher 'DHE' -tls1_2 -msg -connect localhost:443
...
<<< TLS 1.2, Handshake [length 030f], ServerKeyExchange 0c 00 03 0b 01 00 ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd ef 95 19 b3 cd 3a 43 1b 30 2b ...
In both cases, the ciphers are identical (as indicated by openssl output):
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Furthermore, the coturn logs do not indicate any problems with the custom DH TLS key, so I assume it is being accepted.
2024-09-27T03:29:11+0000(72534): INFO: Coturn Version Coturn-4.6.2 'Gorst'
2024-09-27T03:29:11+0000(72534): INFO: OpenSSL compile-time version: OpenSSL 1.1.1k FIPS 25 Mar 2021 (0x101010bf)
Admittedly, I'm not a security or coturn expert. However, our security team is reporting a vulnerability due to detection of "commonly used primes", and I am tasked with resolving it.
Any help or assistance is much appreciated.
Thank you,
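An added example, not part of the post above and not coturn's or OpenSSL's own code: a small Python checker that pulls dh_p out of the ServerKeyExchange hex that `openssl s_client -msg` prints (either the indented 16-bytes-per-line layout or the single-line form quoted in the post), reads the `prime:` block from `openssl dhparam -noout -text`, and reports whether the prime the server actually sent is the configured one, a published group, or neither. RFC 3526 group 14 is the only published prime in the table because its leading bytes match the dump above; other groups (RFC 2409 group 2, RFC 7919 ffdhe*) can be added the same way. CUSTOM_P and SAMPLE_YS are constructed 2048-bit placeholders for the file's prime and the server's public value, not real DH parameters, and the `fake_*` renderers exist only so the script runs offline; the assumption that newer OpenSSL labels the block `P:` instead of `prime:` is mine. A truncated dump like the `...` in the post is rejected rather than silently misread.

```python
"""Constructed checker (not coturn's code): which DH prime does the server send?"""
# RFC 3526 group 14, the 2048-bit MODP prime whose leading bytes appear in the post's dump.
RFC3526_MODP_2048 = int((
    "FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 "
    "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 "
    "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
    "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05 "
    "98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB "
    "9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B "
    "E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718 "
    "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF"
).replace(" ", ""), 16)
KNOWN_PRIMES = {RFC3526_MODP_2048: "RFC 3526 group 14 (2048-bit MODP)"}

# Constructed stand-ins: CUSTOM_P plays the prime from custom_dh.key (NOT a real safe
# prime) and SAMPLE_YS is a placeholder server public value, not g^x mod p.
CUSTOM_P = (1 << 2047) | (0xC0FFEE << 64) | 1
SAMPLE_YS = (1 << 2047) | 0x5A5A

def _hex_run(text):
    """Leading run of two-digit hex tokens (space or ':' separated) on one line."""
    run = []
    for tok in text.replace(":", " ").split():
        if len(tok) != 2 or set(tok) - set("0123456789abcdefABCDEF"):
            break
        run.append(tok)
    return run

def _hex_block(lines):
    """Hex bytes from consecutive all-hex lines, stopping at the first other line."""
    out = []
    for line in lines:
        run = _hex_run(line)
        if not run:
            break
        out += run
    return "".join(out)

def extract_ske_bytes(msg_output):
    """Raw ServerKeyExchange message from `openssl s_client -msg` output."""
    lines = msg_output.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("<<<") and "ServerKeyExchange" in line:
            head = "".join(_hex_run(line.split("ServerKeyExchange", 1)[1]))
            return bytes.fromhex(head + _hex_block(lines[i + 1:]))
    raise ValueError("no ServerKeyExchange message found")

def parse_ske(msg):
    """TLS 1.2 DHE ServerKeyExchange -> (p, g, Ys): type 0x0c, 3-byte length, then
    dh_p, dh_g, dh_Ys as 2-byte-length-prefixed vectors, then the signature (RFC 5246 7.4.3)."""
    if not msg or msg[0] != 0x0C:
        raise ValueError("not a ServerKeyExchange message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ServerKeyExchange (paste the complete -msg dump)")
    fields, pos = [], 0
    for _ in range(3):
        n = int.from_bytes(body[pos:pos + 2], "big")
        fields.append(int.from_bytes(body[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    return tuple(fields)

def parse_dhparam_text(text):
    """Prime from `openssl dhparam -in custom_dh.key -noout -text` output."""
    lines = text.splitlines()
    # 1.1.1 labels the block 'prime:'; 'P:' is assumed for newer releases.
    start = next((i for i, l in enumerate(lines) if l.strip() in ("prime:", "P:")), None)
    if start is None:
        raise ValueError("no prime block found")
    return int(_hex_block(lines[start + 1:]), 16)

def classify_prime(p, configured_p=None):
    if configured_p is not None and p == configured_p:
        return "configured custom prime"
    if p in KNOWN_PRIMES:
        return "well-known prime: " + KNOWN_PRIMES[p]
    return "unrecognised %d-bit prime" % p.bit_length()

def check(msg_output, dhparam_text=None):
    """Verdict on the prime the server sent, relative to the configured dh-file."""
    p, _g, _ys = parse_ske(extract_ske_bytes(msg_output))
    configured = parse_dhparam_text(dhparam_text) if dhparam_text else None
    return classify_prime(p, configured)

# --- constructed inputs in the shape the two openssl commands print ---
def build_ske(p, g, ys, signature=b"\x00" * 260):
    """Serialize a ServerKeyExchange; the zeroed 260 bytes stand in for sig-alg(2) +
    len(2) + a 256-byte RSA signature, which reproduces the post's 0x030f total."""
    def vec(x):
        raw = x.to_bytes((x.bit_length() + 7) // 8, "big")
        return len(raw).to_bytes(2, "big") + raw
    body = vec(p) + vec(g) + vec(ys) + signature
    return b"\x0c" + len(body).to_bytes(3, "big") + body

def fake_msg_dump(ske):
    """Render a handshake message the way `openssl s_client -msg` prints it."""
    rows = [" ".join("%02x" % b for b in ske[i:i + 16]) for i in range(0, len(ske), 16)]
    return ("<<< TLS 1.2, Handshake [length %04x], ServerKeyExchange\n    " % len(ske)
            + "\n    ".join(rows) + "\n<<< TLS 1.2, Handshake [length 0004], ServerHelloDone\n")

def fake_dhparam_text(p):
    """Render `openssl dhparam -noout -text` style output (leading 00 for a top-bit-set value)."""
    raw = b"\x00" + p.to_bytes((p.bit_length() + 7) // 8, "big")
    rows = [":".join("%02x" % b for b in raw[i:i + 15]) for i in range(0, len(raw), 15)]
    return ("    DH Parameters: (%d bit)\n        prime:\n            " % p.bit_length()
            + ":\n            ".join(rows) + "\n        generator: 2 (0x2)\n")
```

Against real output, call check() with the captured s_client text and the dhparam -text output, e.g. check(open("s_client.log").read(), open("dh.txt").read()). If it answers "well-known prime" while the dh-file is set, the server is not using the file regardless of what the logs say, which is the situation described for the 1.1.1k build; extend KNOWN_PRIMES with whatever list the scanner matches against to reproduce its finding locally.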