[Operators] s2s connectivity to jabber.ru -- dh key too small

Jonas Schäfer jonas at wielicki.name
Mon Aug 12 14:35:38 UTC 2019


On Sonntag, 11. August 2019 14:15:56 CEST Evgeny wrote:
> On Sun, Aug 11, 2019 at 2:51 PM, Jonas Schäfer <jonas at wielicki.name>
> 
> wrote:
> > Thanks. I understand that jabber.ru tried to up their DH key size?
> > Apparently,
> > that did not work. I still see dh key size too small. I haven’t
> > figured out
> > how to get openssl to tell me the DH key size they actually use
> > though :(
> > 
> > I suspect they might not have reloaded things properly?
> 
> Here is what `nmap` reports for jabber.ru (on direct TLS c2s port):
> https://gist.github.com/zinid/9c716db24c4c579596dc0cb96f74ac46
> 
> Seems like DH key is 4096 in size. By the way it was 2048 prior to
> configuration change.

On s2s, testssl.sh (which I had to patch to support s2s) reports 1024 bits on 
both IPs: https://paste.debian.net/hidden/97314aea/

kind regards,
Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.jabber.org/pipermail/operators/attachments/20190812/62d329ca/attachment.sig>


More information about the Operators mailing list