Debug School

Cover image for Configure SSL to use Safe Primes in Diffie-Hellman
Suyash Sambhare
Suyash Sambhare

Posted on • Updated on

Configure SSL to use Safe Primes in Diffie-Hellman

As a developer for a web application, one of the pen tests will show the vulnerabilities that the web server uses an unsafe Diffie-Hellman prime in the key exchange.

Listed here are steps to assess whether a website's Diffie Hellman Prime is safe or unsafe?

Diffie-Hellman Prime

openssl dhparam has a -check argument you can use. As evidence, the DHE groups from RFC 7919 which are the only groups you can use for DHE with TLS 1.3 do not pass this check, even though they are safe to use.

The "unsafe" group params are those generated by openssl dhparam -dsaparam. They are actually safe to use as long as your TLS server has SSL_OP_SINGLE_DH_USE set. With OpenSSL 1.1.1, this option is always on.

You can read the code invoked when you run dhparam, dhparam -dsaparam, and dhparam -check.

Either replace the DH group your webserver uses with one generated by openssl dhparam 2048 or use the values from RFC 7919.

To verify the changes following script can be used with a domain name as argument:

set -e
rm -f dh.pcapng
sudo tcpdump -w dh.pcapng &
sleep 2
echo "Q" | openssl s_client -cipher 'EDH' -servername $1 -connect $1:443
sleep 2
sudo killall tcpdump
sleep 2
printf "asn1=SEQUENCE:seq_sect\n[seq_sect]\nfield1=INTEGER:0x" >dh.cnf
tshark -r dh.pcapng -2 -R ssl.handshake.p -T fields -e ssl.handshake.p | sed -e 's/://g' >>dh.cnf
printf "\nfield2=INTEGER:0x" >>dh.cnf
tshark -r dh.pcapng -2 -R ssl.handshake.g -T fields -e ssl.handshake.g | sed -e 's/://g' >>dh.cnf
openssl asn1parse -genconf dh.cnf -noout -out dh.der
openssl dhparam -check -noout -inform DER -in dh.der
Enter fullscreen mode Exit fullscreen mode


NMAP has a script that can help here.

Diffie-Hellman MODP group parameters are extracted and analyzed for vulnerability to Logjam and other weaknesses.

The script can be run from the same directory where the .nse file is saved, run it without adding the .nse extension.
nmap --script ssl-dh-params <target ip/fqdn>


With OpenSSL, you can also extract the key, by using one of the following commands:

openssl s_client -cipher 'DHE' -tls1_2 -msg -connect {server:port}
This will show the bare ServerKeyExchange and the key starts in the 7th hex block.

To get the full data, use -trace instead of -msg This will show the ServerKeyExchange, with the certificate in the dh_p part.

You need to look up the prime numbers manually via a script.


Top comments (0)