Support FFDHE?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Support FFDHE?

John Jiang
Hi,
It sounds FFDHE groups are already supported [1]
But the tools, like s_client, also support them.
Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
it just raised the issue: Error with command: "-groups ffdhe2048"
If using P-256 or X25519, it worked fine.

I also tried option "-groups FFDHE2048". The same error raised again.

Reply | Threaded
Open this post in threaded view
|

Re: Support FFDHE?

John Jiang
I would have highlighted that OpenSSL 1.1.1d was being used in my testing.

On Thu, Feb 27, 2020 at 5:13 PM John Jiang <[hidden email]> wrote:
Hi,
It sounds FFDHE groups are already supported [1]
But the tools, like s_client, also support them.
Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
it just raised the issue: Error with command: "-groups ffdhe2048"
If using P-256 or X25519, it worked fine.

I also tried option "-groups FFDHE2048". The same error raised again.

Reply | Threaded
Open this post in threaded view
|

Re: Support FFDHE?

Nicola Tuveri-2
FFDHE arrived quite late so it missed the window for being included in the 1.1.1 release and won't be added to it in a patch release as it is a new feature.

FFDHE support is available in master so it will be part of the upcoming 3.0 release and it is already possible to test it using a development build from latest master. 


Best regards, 

Nicola Tuveri 

On Thu, Feb 27, 2020, 10:15 John Jiang <[hidden email]> wrote:
I would have highlighted that OpenSSL 1.1.1d was being used in my testing.

On Thu, Feb 27, 2020 at 5:13 PM John Jiang <[hidden email]> wrote:
Hi,
It sounds FFDHE groups are already supported [1]
But the tools, like s_client, also support them.
Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
it just raised the issue: Error with command: "-groups ffdhe2048"
If using P-256 or X25519, it worked fine.

I also tried option "-groups FFDHE2048". The same error raised again.

Reply | Threaded
Open this post in threaded view
|

Re: Support FFDHE?

OpenSSL - User mailing list
In reply to this post by John Jiang
  • Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port

 

TLS 1.3 doesn’t have those groups.

 

Reply | Threaded
Open this post in threaded view
|

Re: Support FFDHE?

John Jiang

On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich <[hidden email]> wrote:
  • Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port

 

TLS 1.3 doesn’t have those groups.

Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported.
enum {

    /* Elliptic Curve Groups (ECDHE) */
    secp256r1(0x0017), secp384r1(0x0018), secp521r1(0x0019),
    x25519(0x001D), x448(0x001E),

    /* Finite Field Groups (DHE) */
    ffdhe2048(0x0100), ffdhe3072(0x0101), ffdhe4096(0x0102),
    ffdhe6144(0x0103), ffdhe8192(0x0104),

    /* Reserved Code Points */
    ffdhe_private_use(0x01FC..0x01FF),
    ecdhe_private_use(0xFE00..0xFEFF),
    (0xFFFF)
} NamedGroup;

Reply | Threaded
Open this post in threaded view
|

Re: Support FFDHE?

OpenSSL - User mailing list

>Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported.

 

I was wrong, sorry for the distraction.

 

As others have pointed out, it will be in the next (3.0) release.

Reply | Threaded
Open this post in threaded view
|

Re: Support FFDHE?

OpenSSL - User mailing list
On 2020-02-28 03:37, Salz, Rich via openssl-users wrote:
>
> *>*Per section Supported Groups in RFC 8446 [1], FFDHE groups could be
> supported.
>
> I was wrong, sorry for the distraction.
>
> As others have pointed out, it will be in the next (3.0) release.
>
Note that the group identifiers for the hardwired DH groups were also
present in TLS 1.2, though it is generally safer to use random groups
not shared with other hosts.

The RFC that introduced these groups also added crazy rules that
signaling support for those groups should disable general FFDH
support, making implementation for TLS 1.2 inadvisable.

With the removal of general FFDH from TLS 1.3, it has now become
advisable to implement for TLS 1.3 session but ignore for TLS 1.2
and below sessions, as if not implemented for those, at least as a
default-on compatibility option.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded