Improve "Key exchange score" (#1124)

Activities

wojciech.kapcia@tigase.net opened 5 years ago

Improve "Key exchange score" from 90 to 100 for strict configuration on https://xmpp.net/result.php?domain=strict.tigase.org&type=client

wojciech.kapcia@tigase.net commented 3 years ago

Even though we had score of 90, and we set the key to 4k:

private static final int EPHEMERAL_DH_KEYSIZE_VALUE = 4096;

Current test results in lowered score:

Server uses Diffie-Hellman parameters of < 2048 bits. Grade capped to B.

wojciech.kapcia@tigase.net commented 3 years ago

This was most likely caused by single domain that was configured with "relaxed" HardenedMode, which affected global configuration of DH size (unfortunately it can be only configured globally via system property). To that end I removed that code so currently DH keysize is forced to 4k.

The issue still stands in terms of making the score 100.

wojciech.kapcia@tigase.net batch edited 6 months ago

Name	Previous Value	Current Value
Iterations	empty	Candidate for next minor release

Type	Task
Priority	Normal
Assignee	wojciech.kapcia@tigase.net
Version	Candidate for next minor release

Iterations

Candidate for next minor release Open

tigase-private/Tigase Public Relations#63 You are not authorized to access this issue
#1074 Closed

Hardened Mode improvements

Issue Votes (0)

Watchers (2)

Reference

tigase/_server/server-core#1124