[Ach] Shouldn't ECDHE be preferred over EDH and EECDH?
christian mock
cm at coretec.at
Tue Apr 22 11:01:12 CEST 2014
On Tue, Apr 22, 2014 at 02:40:32AM +0200, Martin J wrote:
> Hi,
>
> In many places throughout the text EDH and EECDH are used (e.g. Apache),
> and in the OpenVPN section it is explicitly written that ECDHE has been
> excluded. ECDHE offers forward secrecy, which prevents captured packages from
> being decrypted later on, even when having the private key.
Regarding OpenVPN, we have a 256 char limit on the cipher strings, so
I decided to drop ECDHE completely to make it fit. The reason for
dropping it was of course the speculation about backdoors in the NIST
curves.
cm.
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - so that something like this doesn't happen!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.