Bug 571194 - dev-lang/ruby:2.3 OpenSSL extension: Only supports weak DH parameters
Summary: dev-lang/ruby:2.3 OpenSSL extension: Only supports weak DH parameters
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugs.ruby-lang.org/issues/11968
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-07 19:33 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2017-10-17 23:45 UTC

See Also:
Package list:
Runtime testing required: ---


Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-01-07 19:33:13 UTC
From ${URL}:
Description

The following D-H groups are enabled per default:

https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/pkey.rb

These use 512-bit and 1024-bit primes respectively. These are considered weak in 2015 by all present methods of evaluating D-H group size as a security parameter:

http://www.keylength.com/

Weak D-H groups like this were recently implicated in the Logjam attack:

https://weakdh.org/

512-bit D-H keys in particular can be trivially attacked by commodity hardware. I have put in a PR to the openssl gem to remove the 512-bit group:

https://github.com/ruby/openssl/pull/44

However, the 1024-bit group is weak as well. The recommendation of the Logjam paper authors is to upgrade to a 2048-bit group at the minimum.
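
An added example, not part of the bug report or of the Ruby project's code: a Ruby check that reads a PKCS#3 `DH PARAMETERS` PEM block and grades the prime size against the sizes named in the description above (512-bit, 1024-bit, 2048-bit minimum). The function names, verdict labels and sample parameters (a constructed placeholder modulus, not a real prime) are assumptions for illustration.

```ruby
require "openssl"

# Minimum prime size: the Logjam authors' recommendation quoted in the report.
MIN_DH_BITS = 2048

# Return the bit length of the prime p in a PKCS#3 "DH PARAMETERS" PEM block.
# DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }
def dh_prime_bits(pem)
  body = pem[/-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----/m, 1]
  raise ArgumentError, "no DH PARAMETERS block found" unless body

  seq = OpenSSL::ASN1.decode(body.unpack1("m")) # lenient base64 decode
  unless seq.is_a?(OpenSSL::ASN1::Sequence) &&
         seq.value.first.is_a?(OpenSSL::ASN1::Integer)
    raise ArgumentError, "not a DHParameter SEQUENCE"
  end
  seq.value.first.value.to_i.bit_length
end

# Grade a parameter set (hypothetical verdict labels):
#   :trivial - 512 bits or less, :weak - below 2048 bits, :ok - 2048 bits or more
def classify_dh(pem)
  bits = dh_prime_bits(pem)
  verdict = if bits <= 512 then :trivial
            elsif bits < MIN_DH_BITS then :weak
            else :ok
            end
  { bits: bits, verdict: verdict }
end

# Constructed sample input: the modulus only has the right bit length,
# it is NOT a real prime and must never be used for key exchange.
def sample_dh_pem(bits)
  modulus = OpenSSL::BN.new(((1 << (bits - 1)) | 1).to_s)
  der = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(modulus),
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new("2"))
  ]).to_der
  "-----BEGIN DH PARAMETERS-----\n#{[der].pack('m')}-----END DH PARAMETERS-----\n"
end

if __FILE__ == $0
  [512, 1024, 2048].each do |bits|
    puts classify_dh(sample_dh_pem(bits)).inspect
  end
end
```

To audit real parameters, pass the contents of the PEM file a server is configured with to `classify_dh`.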
Comment 1 Hans de Graaff gentoo-dev Security 2016-01-11 20:03:40 UTC
I'd prefer to see a response from upstream on this bug first. If nothing happens there we could consider adding at least the 512 bit patch locally.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-01-11 20:11:34 UTC
(In reply to Hans de Graaff from comment #1)
> I'd prefer to see a response from upstream on this bug first. If nothing
> happens there we could consider adding at least the 512 bit patch locally.

Makes sense. In the meantime, there was a good talk on Logjam at 32c3 this year, available at https://media.ccc.de/v/32c3-7288-logjam_diffie-hellman_discrete_logs_the_nsa_and_you :)
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-11-26 00:44:14 UTC
(In reply to Hans de Graaff from comment #1)
> I'd prefer to see a response from upstream on this bug first. If nothing
> happens there we could consider adding at least the 512 bit patch locally.

Any update on whether you would like to patch or has this now been included?
Comment 4 Hans de Graaff gentoo-dev Security 2016-11-26 07:23:00 UTC
This only affects ruby 2.3 and newer since older versions don't ship the PKey bindings. It looks like upstream did not treat this as a security bug and the patch got applied to master (which will be 2.4 in December) without planning a backport.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-11-26 12:06:34 UTC
(In reply to Hans de Graaff from comment #4)
> This only affects ruby 2.3 and newer since older versions don't ship the

Changing rating to reflect not affecting stable packages
Comment 6 Hans de Graaff gentoo-dev Security 2017-07-23 06:18:22 UTC
Current status:

ruby 2.3.4 does not include this fix
ruby 2.4.1 does include the fix
Comment 7 Hans de Graaff gentoo-dev Security 2017-07-23 08:50:23 UTC
Fixed in:

dev-lang/ruby-2.3.4-r3