
Weak DH warning on 0x9e,0x9f cipher suites

Question asked by brihow on Jun 2, 2015
Latest reply on Jun 4, 2015 by Lily Wilson

In MS14-066, Microsoft added new cipher suites that support Forward Secrecy and Authenticated Encryption with Associated Data (FS + AEAD). Unfortunately, for all but the latest (Windows 10) builds, Microsoft did not include ECDHE, instead supporting DHE. This makes supporting the "best" Microsoft suites in conflict with the SSL Labs guidance to disable Diffie-Hellman with less than 2048-bit parameters.

 

MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014

 

  • Some customers have reported an issue that's related to the changes in this release.
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_GCM_SHA256


In MS15-055, Microsoft implemented the "LogJam Fix" to set the minimum DH key to 1024-bit.

MS15-055: Vulnerability in Schannel could allow information disclosure: May 12, 2015

 

SSL Labs reports based on being 1024 bit, regardless of whether the DH group is "unique or infrequently used".

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. 

 

Even though WeakDH.ORG says.  Ideally the grade should only be capped to B if both conditions (<=1024 AND common DH Group) are met.

 

Good News! This site uses a unique or infrequently used 1024-bit Diffie-Hellman group. You are likely safe, but it's still a good idea to generate a unique, 2048-bit group for the site.

 

 

 

IP | Connected | TLS | Insecure DHE_EXPORT | DHE | Chrome
W.X.Y.Z. |  |  | No | 1024-bits | ECDHE
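The two grading rules contrasted in the post can be compared on the DH parameters a server sends in its ServerKeyExchange message. The following is an added example, not code from the original post, SSL Labs, or weakdh.org; the function names, the fingerprint set of "common" groups, and the sample modulus are constructed for illustration, and the 2048-bit threshold is taken from the guidance as the post describes it.

```python
import hashlib
import struct

def parse_dh_params(ske: bytes):
    """Parse ServerDHParams (RFC 5246, 7.4.3): opaque<1..2^16-1> vectors p, g, Ys."""
    values, off = [], 0
    for _ in range(3):
        if off + 2 > len(ske):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", ske, off)
        off += 2
        if n == 0 or off + n > len(ske):
            raise ValueError("bad vector length")
        values.append(int.from_bytes(ske[off:off + n], "big"))
        off += n
    return tuple(values)  # (p, g, Ys); any signature bytes that follow are ignored

def to_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def fingerprint(p: int) -> str:
    # Hash of the minimal big-endian encoding, so zero padding on the wire is ignored.
    return hashlib.sha256(to_bytes(p)).hexdigest()

def dh_findings(ske: bytes, common_groups: set) -> dict:
    p, _g, _ys = parse_dh_params(ske)
    bits = p.bit_length()
    shared = fingerprint(p) in common_groups
    return {
        "bits": bits,
        "common_group": shared,
        "cap_on_size_alone": bits < 2048,                   # size-only rule
        "cap_on_both_conditions": bits <= 1024 and shared,  # rule proposed in the post
    }

def build_ske(p: int, g: int, ys: int) -> bytes:
    # Constructed test input: length-prefixed p, g, Ys as they appear on the wire.
    return b"".join(struct.pack("!H", len(b)) + b for b in map(to_bytes, (p, g, ys)))

# Constructed stand-in modulus (odd 1024-bit integer, not a real DH prime):
# only its length and fingerprint matter to the grading logic.
SAMPLE_P = (1 << 1023) | 0xC0FFEE01
SAMPLE_SKE = build_ske(SAMPLE_P, 2, SAMPLE_P - 2)

if __name__ == "__main__":
    print("unique group:", dh_findings(SAMPLE_SKE, set()))
    print("shared group:", dh_findings(SAMPLE_SKE, {fingerprint(SAMPLE_P)}))
```

With an empty fingerprint set the 1024-bit sample is capped only under the size-only rule; adding its fingerprint to the set makes both rules agree.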
