Opened 4 years ago

Closed 4 years ago

#1580 closed task (fixed)

Use stronger DH parameters

Reported by: killyourtv Owned by:
Priority: major Milestone: undecided
Component: www/i2p Version: 0.9.19
Keywords: security Cc: backup, Eche|on
Parent Tickets: Sensitive: no

Description (last modified by killyourtv)

Just like #1427 with RC4, we could better protect users by using better dhparams on our Internet facing sites.

According to https://weakdh.org/sysadmin.html geti2p.net and syndie.net are vulnerable to logjam.

These reseed servers are also vulnerable

  • 193.150.121.66
  • reseed.i2p-projekt.de
  • i2p.mooo.com

Subtickets

Change History (6)

comment:1 Changed 4 years ago by killyourtv

Description: modified (diff)
Milestone: undecided

comment:2 Changed 4 years ago by zzz

Cc: backup Eche|on added

comment:3 Changed 4 years ago by backup

Remark with DH 2048:
Java 6u45 clients are then reduced to two remaining (secure) ciphers:

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

and no PFS.

comment:4 Changed 4 years ago by str4d

Keywords: security added

comment:5 Changed 4 years ago by str4d

Status: newopen

comment:6 Changed 4 years ago by backup

Resolution: fixed
Status: openclosed
  • i2p.mooo.com: fixed by owner :-) Thanks!
  • reseed.i2p-projekt.de: fixed by owner :-) Thanks!
  • 193.150.121.66: reseed server was defect, same su3-file to every client - url removed!

Thanks very much, backup

Note: See TracTickets for help on using tickets.