Securing ejabberd against logjam attacks … and future threats

Mickaël Rémond

By default, ejabberd is secure and resistant to Logjam attacks. However, ejabberd 15.06 adds improvements that make ejabberd even more resistant to future attacks.

We hope you will find valuable information here, even from a general XMPP security standpoint.

What is the Logjam security issue?

In May 2015, a team of researchers (Henninger et al.) published a paper explaining two possible weaknesses in client/server communication encryption (“Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”).

The paper covers two issues the team uncovered:

  • discrete log attack on a 512-bit Diffie-Hellman (DH) group
  • protocol downgrade attack against TLS connections

TLS protocol vulnerability

The TLS protocol vulnerability allows a man-in-the-middle attacker to downgrade security to 512-bit DHE_EXPORT keys. It requires the attacker to be on the same network and to have access to network routing to perform the attack. These conditions are difficult to reproduce, except, for example, on public Wi-Fi or mobile connections.

However, the ejabberd default configuration forbids a set of weak ciphers. It bans weak export ciphers and a few others: "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2"

It means that using ejabberd with default settings is safe.

If you are using a custom cipher list in your ejabberd configuration, please make sure you do not explicitly allow EXPORT ciphers in your configuration file.

Attack on small Diffie-Hellman groups

The researchers have shown that small 512-bit or 1024-bit Diffie-Hellman prime groups are vulnerable to attack under the following circumstances: many servers come preconfigured with a 512-bit or 1024-bit prime group. Precomputing an attack against very common small groups means that someone with access to the network could eavesdrop on connections. Even if precomputing an attack on a single 1024-bit prime is extremely expensive, it is recommended, to be on the safe side (and future-proof), to generate your own DH parameters.

At the moment, as ejabberd does not allow ‘export’ ciphers by default, you are still safe. However, our best practices recommend setting your own DH parameters, as allowed in ejabberd Community Edition 15.06.

Using your own Diffie-Hellman parameters with ejabberd

To use your own DH parameters, generate a .pem file with:

openssl dhparam -out dhparams.pem 2048

Then, simply tell ejabberd to use your own 2048-bit prime DH group by adding the following entries to the listeners in your configuration file, along with the global parameters for outgoing s2s connections:

listen:
  -
    port: 5222
    module: ejabberd_c2s
    access: c2s
    shaper: c2s_shaper
    starttls: true
    certfile: "/etc/ejabberd/server.pem"
    dhfile: "/etc/ejabberd/dhparams.pem"
    max_stanza_size: 65536
  -
    port: 5223
    module: ejabberd_c2s
    access: c2s
    shaper: c2s_shaper
    tls: true
    max_stanza_size: 65536
  -
    port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    shaper: s2s_shaper
    max_stanza_size: 131072

# For s2s connection, you need a global parameter:
s2s_certfile: "/etc/ejabberd/server.pem"
s2s_dhfile: "/etc/ejabberd/dhparams.pem"

Conclusion

The ejabberd team always works hard to make ejabberd highly secure and to follow state-of-the-art security practices. As security depends heavily on the computing power available at any given time, we do our best to anticipate, to make sure you stay on the safe side for years to come.

However, there is no urgency in implementing our recommendations. These are best practices that you should plan to implement as your time allows.