I think I figured it out. The problem is this one:

openssl/openssl#9792

Basically, in 2019 OpenSSL overhauled it's DH parameter generation code which resulted in it generating new DH parameters sent by the server that older clients did not like. It appears the more lenient client-side check was kept but eventually the server-side change was reverted during 1.1.1 -- but based on some GDB footwork, it's back in 3.0.0.

Now, options:

  1. Backport the more lenient client side check and copy/paste it into the XRootD source code. All prior versions of clients are still broken but newer ones on RHEL7 would work. I assume this "break everything" is not an option.
  2. Select a fixed DH group, compatible with the old client and new, and hardcode it into the server side to always be used.

I think (2) is the more viable option; hardcoding a known good group is a fairly common solution (see https://wiki.openssl.org/index.php/Diffie-Hellman_parameters).

Unfortunately, XRootD's 512-bit DH is weak enough to not be considered secure by the 1990's; therefore, there's no standardized 512-bit DH group that we can easily reuse. Instead, I'd just suggest generating any old one by hand and hardcode that. Here's an example:

$ openssl dhparam 512 -5
Generating DH parameters, 512 bit long safe prime, generator 5
This is going to take a long time
......................................+..+...................+..+...+.............+......+................+.............+................................................................................+................................................................................+....+...........+...+.............+................+............................................................+...+.........+.............+.........+......+..............................................+....+..............+.................................................+..................+......+..............................+..+..+..........+.............+...........................+....+...+......+................+...+.+....+................+....................................+....+.+................................+............................................+..................+.............+............................................................+................++*++*++*++*++*++*
-----BEGIN DH PARAMETERS-----
MEYCQQDuCROhiIMH6R+BJGDf4OP5SlHM4pYjaODCuO02D8H9FwKopHU0T7XmOHZ7
eUxajA3EqUMqa5AY1+EzFV0JXpEfAgEF
-----END DH PARAMETERS-----

Loading that on the server side would replace the generation code:

https://github.com/xrootd/xrootd/blob/master/src/XrdCrypto/XrdCryptosslCipher.cc#L507-L518

For other sizes of DH parameters, one could simply do a lookup table. RFC 3526 covers examples up through 4096.


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.Message ID: <xrootd/xrootd/issues/2014/1577894237@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/2014#issuecomment-1577894237", "url": "https://github.com/xrootd/xrootd/issues/2014#issuecomment-1577894237", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1