[cl-plus-ssl-devel] [CL-PLUS-SSL-DEVEL][PATCH] call SSL_CTX_set_tmp_rsa_callback to support ephemeral ciphers
Anton Vodonosov
avodonosov at yandex.ru
Thu Feb 6 02:13:53 UTC 2014
06.02.2014, 05:45, "Faré" <fahree at gmail.com>:
> 512-bit RSA keys are broken. The NSA is supposed to be able to do so
> casually, and other big malfeasants too (Chinese government, Russian Mafia, etc.).
> Even 1024-bit RSA keys are generally considered broken, though
> somewhat expensive to break.
> It is not a good idea to use RSA keys smaller than 2048 bits.
> I don't know if SSL allows such a key size. If not, we're all f*cked.
>
> Also, the default Elliptic Curves used, as invented by the NSA and
> recommended by NIST, such as secp256r1, are suspected to be backdoored
> by the NSA and you should use other ones, if you can. If SSL can't use
> alternative, safer, curves, we're all f*cked, too.
> Though as long as they can keep their secrets (ha!), only the NSA can
> read your messages, then.
The case here is that the client (a Windows NT machine) only has ciphers
allowed by USA export limitations: the client requests a key exchange with a 512-bit RSA key.
The patch allows cl+ssl to be used with such clients.
Interestingly, due to the COND bug in the patch, it worked OK with a 1024-bit key.
Anyway, the patch only handled two cases for temporary RSA keys: 512 and 1024 bits.
I have just added another case: 2048 bits.
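Added example, not the patch's code and not cl+ssl's own: a stand-alone CFFI sketch of the mechanism the patch hooks up, an SSL_CTX_set_tmp_rsa_callback handler that returns a temporary RSA key of the length OpenSSL asks for during the handshake. Instead of listing fixed 512/1024/2048 cases it keys a cache on the requested length, so any size OpenSSL requests is served by one code path. The library name, the foreign declarations, the cache and all function names are this example's assumptions; it requires OpenSSL 1.0.x, since SSL_CTX_set_tmp_rsa_callback was removed in OpenSSL 1.1.0, and the SSL_CTX pointer must come from elsewhere (for instance from cl+ssl).

```lisp
;;; Added example (not cl+ssl's code): serve OpenSSL's temporary-RSA callback
;;; with a cached key of whatever length the negotiated cipher suite needs.
;;; Assumes OpenSSL 1.0.x and CFFI; library names and foreign declarations
;;; below are this example's own.

(require :cffi)

(cffi:define-foreign-library libssl
  (:unix (:or "libssl.so.1.0.0" "libssl.so.10" "libssl.so"))
  (t (:default "libssl")))
(cffi:use-foreign-library libssl)

(defconstant +rsa-f4+ 65537
  "Public exponent 0x10001, what OpenSSL calls RSA_F4.")

;; RSA *RSA_generate_key(int bits, unsigned long e,
;;                       void (*callback)(int, int, void *), void *cb_arg)
(cffi:defcfun ("RSA_generate_key" rsa-generate-key) :pointer
  (bits :int) (e :unsigned-long) (callback :pointer) (cb-arg :pointer))

;; void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
;;                                   RSA *(*cb)(SSL *ssl, int is_export, int keylength))
(cffi:defcfun ("SSL_CTX_set_tmp_rsa_callback" ssl-ctx-set-tmp-rsa-callback) :void
  (ctx :pointer) (callback :pointer))

(defvar *tmp-rsa-keys* (make-hash-table)
  "Requested key length in bits -> cached RSA* pointer.")

(defun tmp-rsa-key (key-length)
  "Return a temporary RSA key of KEY-LENGTH bits, generating and caching it
on first use so the (slow) generation is paid once per length, not per handshake."
  (or (gethash key-length *tmp-rsa-keys*)
      (let ((key (rsa-generate-key key-length +rsa-f4+
                                   (cffi:null-pointer) (cffi:null-pointer))))
        (when (cffi:null-pointer-p key)
          (error "RSA_generate_key failed for ~D bits" key-length))
        (setf (gethash key-length *tmp-rsa-keys*) key))))

;; OpenSSL invokes this while building ServerKeyExchange. IS-EXPORT is
;; nonzero for RSA_EXPORT suites, for which KEY-LENGTH is 512: the case the
;; export-restricted Windows NT client in the thread triggers. Dispatching
;; on KEY-LENGTH covers every size OpenSSL can request.
(cffi:defcallback tmp-rsa-callback :pointer
    ((ssl :pointer) (is-export :int) (key-length :int))
  (declare (ignore ssl is-export))
  (handler-case (tmp-rsa-key key-length)
    ;; Returning NULL makes OpenSSL abort the handshake instead of
    ;; continuing without a key.
    (error () (cffi:null-pointer))))

(defun install-tmp-rsa-callback (ssl-ctx)
  "Register the callback on SSL-CTX, an SSL_CTX* created elsewhere."
  (ssl-ctx-set-tmp-rsa-callback ssl-ctx (cffi:callback tmp-rsa-callback)))
```

Call `(install-tmp-rsa-callback ctx)` once after the context is created; the first handshake at each key length pays the generation cost, later ones reuse the cached key. The cached keys are never freed here; a real server would RSA_free them on shutdown or rotate them periodically, since a long-lived "ephemeral" key is ephemeral in name only.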