[Ach] bettercrypto.org using non-optimal crypto?
Alan Orth
alan.orth at gmail.com
Wed Jul 9 11:04:19 CEST 2014
Hey,
Good to know about AES_CBC, Aaron!
Now, I just checked again, and bettercrypto.org is using AES_128_GCM
with DHE_RSA. I haven't applied any updates in the last few days either...
For posterity, I was on Chromium Chrome/35.0.1916.153 on Arch GNU/Linux
x86_64. Here are the ciphers ssllabs says my client supports:
Cipher Suites (in order of preference)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy* 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
Weird...
Alan
On 07/08/2014 12:20 PM, Torsten Gigler wrote:
> Hi Alan,
>
> may I suggest checking the ciphers that are active in your browser:
> https://www.ssllabs.com/ssltest/viewMyClient.html
> and providing the ciphers you get back from ssllabs.com.
> (This is the expected standard for Chrome 34:
> https://www.ssllabs.com/ssltest/viewClient.html?name=Chrome&version=34&platform=OS%20X)
>
> According to ssllabs, the server 'bettercrypto.org' should choose:
> Chrome 34 / OS X
> <https://www.ssllabs.com/ssltest/viewClient.html?name=Chrome&version=34&platform=OS%20X>
> R TLS 1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) FS
>
>
> from the ciphers that your browser supports.
>
> Kind regards
> Torsten
>
>
> 2014-07-08 11:06 GMT+02:00 Aaron Zauner <azet at azet.org>:
>
> Hi Alan,
>
> Alan Orth wrote:
> > Thanks for the explanation, Pepi and Aaron. The choices seem reasonable
> > now that you explained the logic.
> Short update on that; I asked Adam Langley from Google via Twitter
> yesterday why Chrome does not support a stronger HMAC. He pointed out
> that AES-CBC mode is still susceptible to the Lucky13 Attack, which I -
> to be honest - totally forgot about. So your concern is valid.
>
> What I don't understand is why your Chrome did not negotiate for
> AES-GCM. On which platform are you testing this (OS and architecture)?
>
> Aaron
>
--
Alan Orth
alan.orth at gmail.com
http://alaninkenya.org
http://mjanja.co.ke
"I have always wished for my computer to be as easy to use as my
telephone; my wish has come true because I can no longer figure out how
to use my telephone." -Bjarne Stroustrup, inventor of C++
GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0
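The selection Torsten describes (the server picking from what the browser offers) can be simulated to show why 0x9e wins even though Chrome lists two ECDHE GCM suites above it. This is an added example, not code from the thread or from bettercrypto.org: the client list is the one posted above, while SERVER_PREF is an assumed server configuration (RSA certificate only, DHE preferred over ECDHE, GCM over CBC) used for illustration.

```python
# Client offer exactly as posted above (Chrome 35, from the ssllabs client view).
CLIENT_OFFER = """
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5
""".split()

# ASSUMED server list (not bettercrypto.org's real config): RSA certificate
# only (so no ECDSA suites), DHE before ECDHE, AEAD (GCM) before CBC.
SERVER_PREF = """
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
""".split()

def negotiate(client, server, server_prefers=True):
    """First suite both sides support, walked in the order of the party whose
    preference wins (server order, as with OpenSSL's SSL_OP_CIPHER_SERVER_ORDER,
    or client order)."""
    first, second = (server, client) if server_prefers else (client, server)
    other = set(second)
    return next((s for s in first if s in other), None)

def forward_secret(suite):
    """Ephemeral (EC)DHE key exchange gives forward secrecy; static RSA does not."""
    return "DHE_" in suite.split("_WITH_")[0]

def weak_reasons(suite):
    """Flags roughly as ssllabs does: legacy ciphers, MD5 MAC, no forward secrecy."""
    reasons = [tag for tag in ("RC4", "3DES", "MD5") if tag in suite]
    if not forward_secret(suite):
        reasons.append("no forward secrecy")
    return reasons

if __name__ == "__main__":
    for mode in (True, False):
        chosen = negotiate(CLIENT_OFFER, SERVER_PREF, server_prefers=mode)
        print(f"{'server' if mode else 'client'} preference wins -> {chosen}")
    for suite in CLIENT_OFFER:
        if weak_reasons(suite):
            print(f"weak: {suite:42} {', '.join(weak_reasons(suite))}")
```

With server order enforced the result is TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (the server's top choice, AES_256_GCM, is not in Chrome 35's offer); with client order it would be TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.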