Improve "Key exchange score" (#1124)

Wojciech Kapcia (Tigase) opened 5 years ago

Improve "Key exchange score" from 90 to 100 for strict configuration on https://xmpp.net/result.php?domain=strict.tigase.org&type=client

Wojciech Kapcia (Tigase) commented 4 years ago
Even though we had score of 90, and we set the key to 4k:

private static final int EPHEMERAL_DH_KEYSIZE_VALUE = 4096;

Current test results in lowered score:

Server uses Diffie-Hellman parameters of < 2048 bits. Grade capped to B.
Wojciech Kapcia (Tigase) commented 4 years ago

This was most likely caused by single domain that was configured with "relaxed" HardenedMode, which affected global configuration of DH size (unfortunately it can be only configured globally via system property). To that end I removed that code so currently DH keysize is forced to 4k.

The issue still stands in terms of making the score 100.
Wojciech Kapcia (Tigase) batch edited 1 year ago
Name Previous Value Current Value
Iterations
empty
Candidate for next minor release
Login to comment

Name	Previous Value	Current Value
Iterations	empty	Candidate for next minor release

Type	Task
Priority	Normal
Assignee	Wojciech Kapcia (Tigase)
Version	Candidate for next minor release

Iterations

Issue Votes (0)

Watchers (2)

Reference

tigase/_server/server-core#1124