Mailing List Archive

How to use DH 4096 parameters?
Hi all,

I am trying to strengthen my HTTPS setup.

One security-checker which is popular in my country is internet.nl. One thing I have a problem with is their check “Key exchange parameters”.

On my old setup, this was DH 2048, which is considered “insufficient” according to internet.nl. I have tried the following things:

1) use a 4096 bit RSA key and get a new certificate
2) generate DH params with: openssl dhparam -out /etc/apache2/dhparam.pem 4096
3) in my configuration, added: SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"

The result of these steps is that my server now seems to use DH 3072 bit, which is better, but not yet 4096 bit. It’s still considered “insufficient” by the checker. You can see the check results here: https://internet.nl/site/lifeforms.nl/1527698/#control-panel-14

I’m confused where the DH 3072 comes from. My question is, what should I configure so that DH 4096 is sent?

I am running Apache 2.4.52 (from Ondrej Sury) with OpenSSL 1.1.1 from Ubuntu 18.04 LTS.

Any info would be super useful, thanks in advance!

Kind regards,
WH
Re: How to use DH 4096 parameters? [ In reply to ]
Hi!

> Op 13 mrt. 2022 om 15:54 heeft Walter Hop <apache@spam.lifeforms.nl> het volgende geschreven:
>
> Hi all,
>
> I am trying to strengthen my HTTPS setup.
>
> One security-checker which is popular in my country is internet.nl.

And rightly so!

> One thing I have a problem with is their check “Key exchange parameters”.
>
> On my old setup, this was DH 2048, which is considered “insufficient” according to internet.nl. I have tried the following things:
>
> 1) use a 4096 bit RSA key and get a new certificate
> 2) generate DH params with: openssl dhparam -out /etc/apache2/dhparam.pem 4096
> 3) in my configuration, added: SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"
>
> The result of these steps is, that my server now seems to use DH 3072 bit, which is better, but not yet 4096 bit. It’s still considered “insufficient” by the checker. You can see the check results here: https://internet.nl/site/lifeforms.nl/1527698/#control-panel-14
>
> I’m confused where the DH 3072 comes from. My question is, what should I configure so that DH 4096 is sent?

Is your DH file actually 4096 bits? ;)

Does Apache have a setting similar to tune.ssl.default-dh-param in HAProxy, maybe?

>
> I am running Apache 2.4.52 (from Ondrej Sury) with OpenSSL 1.1.1 from Ubuntu 18.04 LTS.
>
> Any info would be super useful, thanks in advance!
>
> Kind regards,
> WH
Re: How to use DH 4096 parameters? [ In reply to ]
Hi William,

>> I’m confused where the DH 3072 comes from. My question is, what should I configure so that DH 4096 is sent?
>
> Is your DH file actually 4096 bits? ;)

It appears to be so when I look at the dhparams.pem file:

openssl dhparam -inform PEM -in /etc/apache2/dhparam.pem -check -text
DH Parameters: (4096 bit)
prime:
00:ff:ff:ff:ff:ff:ff:ff:ff:ad:f8:54:58:a2:bb:
[...]
generator: 2 (0x2)
WARNING: the g value is not a generator

> Does Apache have a setting similar to tune.ssl.default-dh-param in HAProxy, maybe?

I found on https://httpd.apache.org/docs/current/mod/mod_ssl.html: Beginning with version 2.4.7, mod_ssl makes use of standardized DH parameters with prime lengths of 2048, 3072 and 4096 bits and with additional prime lengths of 6144 and 8192 bits beginning with version 2.4.10 (from RFC 3526), and hands them out to clients based on the length of the certificate's RSA/DSA key.

That’s why I thought, if I use a 4096 bit key, it all would end well, but I guess I was wrong…

Cheers,
WH
Re: How to use DH 4096 parameters? [ In reply to ]
On Sun, Mar 13, 2022 at 8:08 PM Walter Hop <apache@spam.lifeforms.nl> wrote:
[...]

> I’m confused where the DH 3072 comes from. My question is, what should I configure so that DH 4096 is sent?

Your problem is in step 2) generate DH params - internet.nl explicitly
states that "Self-generated groups are 'Insufficient'". Follow their
instructions to download one of the pre-defined groups from RFC 7919
to make that test happy.

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: How to use DH 4096 parameters? [ In reply to ]
>> I’m confused where the DH 3072 comes from. My question is, what should I configure so that DH 4096 is sent?
>
> Your problem is in step 2) generate DH params - internet.nl explicitly
> states that "Self-generated groups are 'Insufficient'". Follow their
> instructions to download one of the pre-defined groups from RFC 7919
> to make that test happy.

Thanks for your mail! I noticed that advice and already tried it, but it didn’t work! I’ve copied their file https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem to my /etc/apache2/dhparams.pem.

In my Apache config, I am pointing to that file:
SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"

And I made sure to restart Apache.

However, even with the standard 4096 bit DH params file, still my Apache seems to use 3072 DH… https://internet.nl/site/lifeforms.nl/1529341/#control-panel-14

I’ve also tried using the standard 3072 bit DH params file https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe3072.pem as they say this should be ‘sufficient’ but the result is still ‘insufficient’:
https://internet.nl/site/lifeforms.nl/1529352/#control-panel-14

So I’m still confused how I can use 4096 bit DH params...

Kind regards,
WH
Re: How to use DH 4096 parameters? [ In reply to ]
On Sun, Mar 13, 2022 at 3:55 PM Walter Hop <apache@spam.lifeforms.nl> wrote:
>
> On my old setup, this was DH 2048, which is considered “insufficient” according to internet.nl. I have tried the following things:
>
> 1) use a 4096 bit RSA key and get a new certificate
> 2) generate DH params with: openssl dhparam -out /etc/apache2/dhparam.pem 4096
> 3) in my configuration, added: SSLOpenSSLConfCmd DHParameters "/etc/apache2/dhparam.pem"

Step 3) does not work anymore with latest openssl versions, the only
way to configure custom dhparams in httpd is to append them to the
certificate file (see
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile).

Regards;
Yann.

Re: How to use DH 4096 parameters? [ In reply to ]
On 14 Mar 2022, at 19:02, Yann Ylavic <ylavic.dev@gmail.com> wrote:
>
> Step 3) does not work anymore with latest openssl versions, the only
> way to configure custom dhparams in httpd is to append them to the
> certificate file (see
> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile).

Thank you so much! This was the solution.
The scanner is no longer complaining! :) https://internet.nl/site/lifeforms.nl/1529724/#

For those who stumble on this thread with the same issue, I’ll review:
- I created a 4096 bit RSA key
- I requested a certificate with Let’s Encrypt
- I appended the RFC's standard 4096 bit DH parameters file to the certificate, e.g.

# wget https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem
# cat ffdhe4096.pem >> newcert.pem

(or the name of your certificate)

Restart Apache and it should look great.
Thank you all for the input!

Cheers,
WH
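The check a practitioner would want after the steps summarised above, as an added example that is not part of the thread and not Apache's or internet.nl's code: a small Python tool that parses the combined certificate file, confirms a `DH PARAMETERS` block was actually appended (the `cat ffdhe4096.pem >> newcert.pem` step, done idempotently here), decodes the block's DER `SEQUENCE { p INTEGER, g INTEGER }` to report the prime length, and fingerprints the leading bytes of the prime against the RFC 7919 ffdhe family (every ffdhe prime starts `ff..ff ad f8 54 58 a2 bb ...`, the prefix visible in the `openssl dhparam -text` output quoted earlier) and the RFC 3526 MODP family (`ff..ff c9 0f da a2 ...`). The certificate and DH sample data are constructed: the "prime" is a same-size stand-in with the ffdhe prefix, not the real ffdhe4096 group and not prime, so it only exercises the parser. The prefix test is a coarse heuristic for telling a standard group from a self-generated one; an exact comparison against the full RFC value is the real check.

```python
"""Inspect an Apache SSLCertificateFile for appended DH parameters.

Added example; not code from the mailing-list thread. All sample data
below is constructed for the demonstration.
"""
import base64
import re
import textwrap

# Leading 16 bytes shared by every prime of each RFC family (top 64 bits all
# ones, then the first bytes of the e-derived or pi-derived middle section).
FFDHE_PREFIX = bytes.fromhex("ffffffffffffffffadf85458a2bb4a9a")  # RFC 7919
MODP_PREFIX = bytes.fromhex("ffffffffffffffffc90fdaa22168c234")   # RFC 2409/3526

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, der_bytes), ...] for every PEM block in text, in order."""
    return [(m.group(1), base64.b64decode(re.sub(r"\s+", "", m.group(2))))
            for m in PEM_RE.finditer(text)]


def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(textwrap.wrap(b64, 64)), label)


def _der_len(n):
    """DER length encoding: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _read_tlv(buf, pos):
    """Minimal DER reader: returns (tag, value, position after the value)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def encode_dh_params(p, g):
    """PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }."""
    def integer(n):
        # +8 instead of +7 forces a leading 0x00 when the top bit is set,
        # which DER requires to keep the INTEGER positive.
        b = n.to_bytes((n.bit_length() + 8) // 8, "big")
        return b"\x02" + _der_len(len(b)) + b
    body = integer(p) + integer(g)
    return b"\x30" + _der_len(len(body)) + body


def parse_dh_params(der):
    """Inverse of encode_dh_params; ignores any trailing optional fields."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("DH PARAMETERS block is not a SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(body, 0)
    tag_g, g_bytes, _ = _read_tlv(body, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def dh_family(p):
    """Coarse origin fingerprint from the first 16 bytes of the prime."""
    head = p.to_bytes((p.bit_length() + 7) // 8, "big")[:16]
    if head == FFDHE_PREFIX:
        return "rfc7919-ffdhe"
    if head == MODP_PREFIX:
        return "rfc3526-modp"
    return "other (self-generated?)"


def inspect_cert_file(text):
    """Report certificate count and, if present, the appended DH group."""
    blocks = pem_blocks(text)
    report = {"certificates": sum(1 for l, _ in blocks if l == "CERTIFICATE"),
              "dh": None}
    for label, der in blocks:
        if label == "DH PARAMETERS":
            p, g = parse_dh_params(der)
            report["dh"] = {"bits": p.bit_length(), "generator": g,
                            "family": dh_family(p)}
    return report


def append_dh_if_missing(cert_text, dh_text):
    """Same effect as `cat ffdhe4096.pem >> cert.pem`, but only once."""
    if any(l == "DH PARAMETERS" for l, _ in pem_blocks(cert_text)):
        return cert_text
    return cert_text.rstrip("\n") + "\n" + dh_text


# Constructed stand-in for ffdhe4096: right length and leading bytes so the
# fingerprint has something to match, but NOT prime and NOT the real group.
FAKE_FFDHE4096_P = int.from_bytes(FFDHE_PREFIX + b"\xa5" * (512 - 16), "big")
SAMPLE_DH_PEM = to_pem("DH PARAMETERS", encode_dh_params(FAKE_FFDHE4096_P, 2))
SAMPLE_CERT_PEM = to_pem("CERTIFICATE", b"constructed placeholder, not a real cert")


def demo():
    """Append the sample group to the sample cert and inspect the result."""
    return inspect_cert_file(append_dh_if_missing(SAMPLE_CERT_PEM, SAMPLE_DH_PEM))


if __name__ == "__main__":
    print(demo())
```

Run it against the real file (`inspect_cert_file(open("/etc/apache2/newcert.pem").read())`, path assumed) after the append step; a result with `"dh": None` means the restart was done on a file that never received the group. One caveat on the `openssl dhparam -check` output quoted earlier in the thread: the "the g value is not a generator" warning is expected for the RFC 7919 groups, because with those primes g = 2 generates the prime-order subgroup of order (p-1)/2 rather than the whole group, which is what RFC 7919 intends; the warning does not indicate a bad file.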