From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] vpnmain.cgi: Mark MODP-1536 as broken, phase out MODP-2048
Date: Sat, 06 Aug 2022 07:17:47 +0000
Message-ID: <ca2f848c-f6c0-8f62-31b2-94b30827b308@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0579897145120413643=="
List-Id: <development.lists.ipfire.org>

--===============0579897145120413643==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf (released in
2015) recommends "to use primes of 2048 bits or larger", to which BSI's
techical guideline BSI-TR-02102 (https://www.bsi.bund.de/SharedDocs/Downloads=
/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=
=3DpublicationFile&v=3D5)
concurs. The latter also recommends not to use DH groups comprising of
less than 2000 bits after 2022, and shift to 3000 bit DH groups earlier
as a precaution.

According to RFC 3526, section 8, MODP-1536 provides an estimated
security between 90 and 120 bits, a value that can be reasonably
considered broken today, as it has been so for other types of
cryptographic algorithms already, and per section 2.4 in the
aforementioned paper, breaking 1024-bit DH is considered feasible for
the NSA in 2015, which does not inspire confidence for MODP-1536 in
2022.

Therefore, this patch suggests to mark MODP-1536 as broken, since it
de facto is, and tag MODP-2048 as weak. The latter is also removed from
the default selection, so newly created VPN connections won't use it
anymore, to follow BSI's recommendations of using DH groups >=3D 3000 bits
in 2022 and later.

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 3652627e9..9828b2f9e 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2,7 +2,7 @@
 ############################################################################=
###
 #                                                                           =
  #
 # IPFire.org - A linux based firewall                                       =
  #
-# Copyright (C) 2007-2020  IPFire Team  <info(a)ipfire.org>                 =
    #
+# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                 =
    #
 #                                                                           =
  #
 # This program is free software: you can redistribute it and/or modify      =
  #
 # it under the terms of the GNU General Public License as published by      =
  #
@@ -2360,11 +2360,11 @@ END
 	#use default advanced value
 	$cgiparams{'IKE_ENCRYPTION'}	=3D 'chacha20poly1305|aes256gcm128|aes256gcm96=
|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|=
aes128gcm96|aes128gcm64|aes128'; #[18];
 	$cgiparams{'IKE_INTEGRITY'}		=3D 'sha2_512|sha2_256'; #[19];
-	$cgiparams{'IKE_GROUPTYPE'}             =3D 'curve448|curve25519|4096|3072|=
2048'; #[20];
+	$cgiparams{'IKE_GROUPTYPE'}             =3D 'curve448|curve25519|4096|3072'=
; #[20];
 	$cgiparams{'IKE_LIFETIME'}		=3D '3'; #[16];
 	$cgiparams{'ESP_ENCRYPTION'}	=3D 'chacha20poly1305|aes256gcm128|aes256gcm96=
|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|=
aes128gcm96|aes128gcm64|aes128'; #[21];
 	$cgiparams{'ESP_INTEGRITY'}		=3D 'sha2_512|sha2_256'; #[22];
-	$cgiparams{'ESP_GROUPTYPE'}             =3D 'curve448|curve25519|4096|3072|=
2048'; #[23];
+	$cgiparams{'ESP_GROUPTYPE'}             =3D 'curve448|curve25519|4096|3072'=
; #[23];
 	$cgiparams{'ESP_KEYLIFE'}		=3D '1'; #[17];
 	$cgiparams{'COMPRESSION'}		=3D 'off'; #[13];
 	$cgiparams{'ONLY_PROPOSED'}		=3D 'on'; #[24];
@@ -3146,8 +3146,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 					<option value=3D'6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</opt=
ion>
 					<option value=3D'4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</opt=
ion>
 					<option value=3D'3072' $checked{'IKE_GROUPTYPE'}{'3072'}>MODP-3072</opt=
ion>
-					<option value=3D'2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048</opt=
ion>
-					<option value=3D'1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536</opt=
ion>
+					<option value=3D'2048' $checked{'IKE_GROUPTYPE'}{'2048'}>MODP-2048 ($La=
ng::tr{'vpn weak'})</option>
+					<option value=3D'1536' $checked{'IKE_GROUPTYPE'}{'1536'}>MODP-1536 ($La=
ng::tr{'vpn broken'})</option>
 					<option value=3D'1024' $checked{'IKE_GROUPTYPE'}{'1024'}>MODP-1024 ($La=
ng::tr{'vpn broken'})</option>
 					<option value=3D'768' $checked{'IKE_GROUPTYPE'}{'768'}>MODP-768 ($Lang:=
:tr{'vpn broken'})</option>
 				</select>
@@ -3169,8 +3169,8 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 					<option value=3D'6144' $checked{'ESP_GROUPTYPE'}{'6144'}>MODP-6144</opt=
ion>
 					<option value=3D'4096' $checked{'ESP_GROUPTYPE'}{'4096'}>MODP-4096</opt=
ion>
 					<option value=3D'3072' $checked{'ESP_GROUPTYPE'}{'3072'}>MODP-3072</opt=
ion>
-					<option value=3D'2048' $checked{'ESP_GROUPTYPE'}{'2048'}>MODP-2048</opt=
ion>
-					<option value=3D'1536' $checked{'ESP_GROUPTYPE'}{'1536'}>MODP-1536</opt=
ion>
+					<option value=3D'2048' $checked{'ESP_GROUPTYPE'}{'2048'}>MODP-2048 ($La=
ng::tr{'vpn weak'})</option>
+					<option value=3D'1536' $checked{'ESP_GROUPTYPE'}{'1536'}>MODP-1536 ($La=
ng::tr{'vpn broken'})</option>
 					<option value=3D'1024' $checked{'ESP_GROUPTYPE'}{'1024'}>MODP-1024 ($La=
ng::tr{'vpn broken'})</option>
 					<option value=3D'768' $checked{'ESP_GROUPTYPE'}{'768'}>MODP-768 ($Lang:=
:tr{'vpn broken'})</option>
 					<option value=3D'none' $checked{'ESP_GROUPTYPE'}{'none'}>- $Lang::tr{'n=
one'} -</option>
--=20
2.35.3

--===============0579897145120413643==--