The fallback DH parameters are weak.

[jeremycline]

There are some default Diffie-Hellman parameters as part of p1_tls_drv.c. These parameters appear to be used in the event that parameters are not provided, but they are only 1024 bits which is considered vulnerable to nation-state level attackers[0]. It would be great if these were bumped up to the 2048-bit MODP Group with 256-bit Prime Order Subgroup parameters (also part of RFC 5114[1], section 2.3).

[0] https://weakdh.org/
[1] https://www.ietf.org/rfc/rfc5114.txt

[bowlofeggs]

If possible, it would be ideal to allow users to provide their own DH params as well. Thanks!

[weiss]

If possible, it would be ideal to allow users to provide their own DH params as well.

That's possible as of ejabberd 15.06, see the dhfile and s2s_dhfile options in the admin guide.

[jeremycline]

@rbarlow also see https://github.com/processone/tls/blob/master/c_src/p1_tls_drv.c#L389 - the parameters are only used in the event that you don't provide your own DH parameters.

[bowlofeggs]

@weiss hey thanks for the tip! I'm currently running 14.07 but I am working on getting updated to 16.01 so I'll bookmark this. +1