As a default, ejabberd is secured and resistant to logjam attacks. However, ejabberd 15.06 adds improvements that makes ejabberd even more resistant to future attacks.
We hope you will find valuable information there, even from a general XMPP security standpoint.
What is logjam security issue ?
In may 2015, a team of researchers (Henninger et. al) published a paper explain two possible weakness in client / server communication encryption (“Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”) .
The paper covers two issues the team uncovered:
- discrete logs attack on a 512-bit Diffie-Hellman (DH) group
- protocol downgrade attack against TLS connections
TLS protocol vulnerability
The TLS protocol vulnerability can allow to downgrade security to 512-bit DHE_EXPORT keys with a man-in-the-middle attack. It requires the attacker to be in the same network and have access to network routing to perform the attack. This is condition that are difficult to reproduce, except on public wifi for example or mobile connections.
However, ejabberd default configuration forbids a set a weak ciphers. The default configuration in ejabberd bans export weak ciphers and a few others: "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2"
It means that using ejabberd with default setting is safe.
In case you are using custom cipher list in your ejabberd configuration, please, make sure you do not explicitly allow EXPORT ciphers in you configuration file.
Attack on small Diffie-Hellman groups
The researchers have shown that small 512-bit or 1024-bit Diffie-Helman prime groups are vulnerable to attack under the following circumstances: Many server comes preconfigured with 512 or 1024-bit prime group. Precomputing an attack against very common small groups mean that someone with access to the network could eavedrop on connections. Even if cost to precompute attack on a single 1024-bit prime are extremely expensive, it is recommended to be on the safe side (and future proof) to generate your own DH parameters.
At the moment, as ejabberd does not allow as default ‘export’ cipher, you are still safe. However, we recommend in our best practices to set your own DH parameters, as allowed in ejabberd Community Edition 15.06.
Using your own Diffie-Helman parameters with ejabberd
To generate your own parameters DH you can generate a .pem file with:
openssl dhparam -out dhparams.pem 2048
Then, simply tell ejabberd to use your own 2048-bit prime DH group by adding the following entries in your listener configuration file and global parameters for outgoing s2s connections:
listen:
-
port: 5222
module: ejabberd_c2s
access: c2s
shaper: c2s_shaper
starttls: true
certfile: "/etc/ejabberd/server.pem"
dhfile: "/etc/ejabberd/dhparams.pem"
max_stanza_size: 65536
-
port: 5223
module: ejabberd_c2s
access: c2s
shaper: c2s_shaper
tls: true
max_stanza_size: 65536
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
shaper: s2s_shaper
max_stanza_size: 131072
# For s2s connection, you need a global parameter:
s2s_certfile: "/etc/ejabberd/server.pem"
s2s_dhfile: "/etc/ejabberd/dhparams.pem"
Conclusion
ejabberd team always work hard to make ejabberd highly secure and follow the state of the art practices in term of security. As security is highly depend on computing power available at any given time, we do our best to anticipate to make sure you will stay on the safe side for the years to come.
However, there is no emergency in implementing our recommendations. These are the best practice that you should look forward implementing as your time allows.
