Up min size of DHM params to 1024 bits on client

ChangeLog

@@ -2,9 +2,17 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS 1.3.12 released 2015-07-??
 
+Security
+   * Increase the minimum size of Diffie-Hellman parameters accepted by the
+     client to 1024 bits, to protect against Logjam attack.
+
 Bugfix
    * Fix thread-safety issue in SSL debug module (found by Edwin van Vliet).
 
+Changes
+   * Add SSL_MIN_DHM_BYTES configuration parameter in config.h to choose the
+     minimum size of Diffie-Hellman parameters accepted by the client.
+
 = mbed TLS 1.3.11 released 2015-06-04
 
 Security

include/polarssl/config.h

@@ -2328,6 +2328,7 @@
 
 /* SSL options */
 //#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
+//#define SSL_MIN_DHM_BYTES                 128 /**< Min size of the Diffie-Hellman prime */
 //#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 

include/polarssl/ssl.h

@@ -282,6 +282,12 @@
 #define SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
 #endif
 
+/*
+ * Minimum size of the Diffie-Hellman parameters to accept from a server.
+ * The default is 1024 bits (128 bytes) for compatibility reasons.
+ * From a purely security perspective, 2048 bits would be better.
+ */
+#define SSL_MIN_DHM_BYTES             128   /**< Min size of the Diffie-Hellman prime */
 /* \} name SECTION: Module settings */
 
 /*

library/ssl_cli.c

@@ -1445,7 +1445,7 @@ static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
         return( ret );
     }
 
-    if( ssl->handshake->dhm_ctx.len < 64  ||
+    if( ssl->handshake->dhm_ctx.len < SSL_MIN_DHM_BYTES ||
         ssl->handshake->dhm_ctx.len > 512 )
     {
         SSL_DEBUG_MSG( 1, ( "bad server key exchange message (DHM length)" ) );