Transport_Layer_Security_Cheat_Sheet.md: updated section on Diffie-He…

…llman parameters Resolves: OWASP#1453 Signed-off-by: Nikos Mavrogiannopoulos <nikos.mavrogiannopoulos@assaabloy.com>
nmav · Jul 26, 2024 · 062e0fb · 062e0fb
1 parent 0d8bf32
commit 062e0fb
Showing 1 changed file with 24 additions and 6 deletions.
diff --git a/cheatsheets/Transport_Layer_Security_Cheat_Sheet.md b/cheatsheets/Transport_Layer_Security_Cheat_Sheet.md
@@ -36,17 +36,35 @@ There are a large number of different ciphers (or cipher suites) that are suppor
 
 The Mozilla Foundation provides an [easy-to-use secure configuration generator](https://ssl-config.mozilla.org/) for web, database and mail servers. This tool allows site administrators to select the software they are using and receive a configuration file that is optimized to balance security and compatibility for a wide variety of browser versions and server software.
 
-### Use Strong Diffie-Hellman Parameters
+### Do not explicitly set Diffie-Hellman Parameters
 
-Where ciphers that use the ephemeral Diffie-Hellman key exchange are in use (signified by the "DHE" or "EDH" strings in the cipher name) sufficiently secure Diffie-Hellman parameters (at least 2048 bits) should be used
+Whereas in the past the TLS protocol required to set Diffie-Hellman parameters for use by the ephemeral Diffie-Hellman key exchange (signified by the "DHE" or "EDH" strings in the cipher suite name), this caused practical issues. Such as that the client had no say in the selection of server parameters, meaning it could only unconditionally accept or drop, and even resulted to denial of service attacks (CVE-2022-40735, CVE-2002-20001). 
 
-The following command can be used to generate 2048 bit parameters:
+TLS 1.3 restricts Diffie-Hellman group parameters to known groups via the `supported_groups` extension. The available
+Diffie-Hellman groups are `ffdhe2048`, `ffdhe3072`, `ffdhe4096`, `ffdhe6144`, `ffdhe8192` as specified in [RFC7919](https://www.rfc-editor.org/rfc/rfc7919).
 
-```bash
-openssl dhparam -out dhparam2048.pem 2048
+By default openssl 3.0 enables all the above groups. To modify them ensure that the right Diffie-Hellman group parameters are present in `openssl.cnf`. For example
+```
+openssl_conf = openssl_init
+[openssl_init]
+ssl_conf = ssl_module
+[ssl_module]
+system_default = tls_system_default
+[tls_system_default]
+Groups = x25519:prime256v1:x448:ffdhe2048:ffdhe3072
+```
+
+An apache configuration would look like
+```
+SSLOpenSSLConfCmd Groups x25519:secp256r1:ffdhe3072
+```
+
+The same group on NGINX would look like the following
+```
+ssl_ecdh_curve x25519:secp256r1:ffdhe3072;
 ```
 
-The [Weak DH](https://weakdh.org/sysadmin.html) website provides guidance on how various web servers can be configured to use these generated parameters.
+For TLS 1.2 or earlier versions it is recommended not to set Diffie-Hellman parameters.
 
 ### Disable Compression