Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add probing for Diffie-Hellman key exchange, where the prime is less than 2048 bits #66

Open
forgedhallpass opened this issue Aug 1, 2022 · 2 comments
Open

Add probing for Diffie-Hellman key exchange, where the prime is less than 2048 bits #66

forgedhallpass opened this issue Aug 1, 2022 · 2 comments
Labels
Priority: Medium This issue may be useful, and needs some attention. Status: On Hold Similar to blocked, but is assigned to someone Type: Enhancement Most issues will probably ask for additions or changes.

Comments

@forgedhallpass
Copy link
Contributor

forgedhallpass commented Aug 1, 2022
edited
Loading

image

Results from sslscan:
image

Inputs for testing:

dh480.badssl.com 
dh512.badssl.com 
dh1024.badssl.com
dh2048.badssl.com
dh-small-subgroup.badssl.com
dh-small-subgroup.badssl.com
@forgedhallpass forgedhallpass added the Type: Enhancement Most issues will probably ask for additions or changes. label Aug 1, 2022
@ehsandeep
Copy link
Member

ehsandeep commented Aug 1, 2022
edited by Mzack9999
Loading

Assigned as part of #20

@forgedhallpass forgedhallpass added the Priority: Medium This issue may be useful, and needs some attention. label Aug 2, 2022
@Mzack9999 Mzack9999 self-assigned this Aug 3, 2022
@Mzack9999 Mzack9999 added Status: In Progress This issue is being worked on, and has someone assigned. and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Aug 3, 2022
@Mzack9999 Mzack9999 mentioned this issue Aug 8, 2022
Merged
2 tasks
@Mzack9999 Mzack9999 added the Status: On Hold Similar to blocked, but is assigned to someone label Sep 4, 2022
@Mzack9999
Copy link
Member

Mzack9999 commented Sep 4, 2022
edited
Loading

On Hold - It's unclear how to define the DHE prime size in the tls standard library and ztls. Reading around, it looks like the size is defined server side. It can be detected by trying to dial a tls handshake with an elliptic curve using Diffie-Hellman (e.g. openssl s_client -connect dh512.badssl.com:443 -cipher "EDH"), then obtaining the key size directly via raw material or from a pcap capture (ref. openssl/openssl#19057). The following are two possible methods to implement the feature:

  • Turn openssl from cgo bindings to CLI bindings, then use the previous command
  • Capture via pcap and gopacket

Custom implementation by parsing raw material or altering tls/ztls shouldn't be considered.
Blocked by #135

@Mzack9999 Mzack9999 mentioned this issue Dec 12, 2022
Closed
@Mzack9999 Mzack9999 removed their assignment Feb 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: Medium This issue may be useful, and needs some attention. Status: On Hold Similar to blocked, but is assigned to someone Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ehsandeep @Mzack9999 @forgedhallpass