Increased user security, upgrading Diffie-Hellman parameters to 2048 bits
Post categories
Alum
For non-technical users, the short version is that if you’re using a modern, up-to-date web browser, mobile device or mail client to access FastMail, then there’s nothing you need to do.
If you’re using old or unusual software to access or send via FastMail, you might be affected and should read on.
What’s happening?
On 30 March 2015 we will be increasing the size of the DH parameters for DHE ciphers to 2048 bits. This will cause connection problems for old software that cannot handle DH parameters greater than 1024 bits.
1024-bit RSA crypto is generally being phased out as insecure and has been for at least the last five years.
Breaking DH parameters is generally understood to require the same amount of computation as a RSA key of equivalent size. Therefore, the recommendation is to increase the size of DH parameters in step with the size of RSA keys.
If we don’t upgrade our crypto to 2048 bits for the general case, we’re compromising the security of all our users for a few that have old clients. We don’t consider that to be acceptable.
Will this affect me?
The main software we’re aware of that will be affected is iOS 5 and Java 6 and 7 (which often means business software that sends through our authenticated SMTP service).
If you’re unsure if you’re affected, you can test right now by pointing your software at https://beta.fastmail.com/ (web) or betamail.messagingengine.com (everything else). These servers are using the new config that will be rolled out on the 30th. Note that you shouldn’t use these names permanently; this is a test service and does not have the same redundancy as the main FastMail services.
If you can access your mail as normal using these servers, then you have nothing to worry about.
If you can’t connect through the beta servers but can through the main servers then its quite likely that you are affected and you will need to either upgrade or reconfigure your software, or switch to our “insecure” services at https://insecure.fastmail.com/ (web) or insecure.messagingengine.com (everything else). Using the insecure service is not recommended as it uses encryption that is known to be weak or broken.
Please note that we’re unable to help you upgrade or reconfigure your software, particularly for those Java business apps. You’ll need to contact your software vendor for that.
Further reading
If you’d like to read more about perfect forward secrecy and DH param lengths, the following technical articles may be interesting to you:
- http://en.wikipedia.org/wiki/Forward_secrecy
- https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy
- https://blog.cloudflare.com/staying-on-top-of-tls-attacks/
- </2013/08/09/fastmail-uses-perfect-forward-secrecy-with-httpstls-connections/>
- http://security.stackexchange.com/questions/48300/why-should-the-dh-keylength-match-rsa-length-in-tls